# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Mar 3 2020 14:14:30 # Log Creation Date: 01.04.2020 17:38:16.807 Process: id = "1" image_name = "Ключи активации на 365 дней.exe" filename = "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe" page_root = "0x1863c000" os_pid = "0x1134" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x1130 [0069.846] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x772d0000 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="SetFileAttributesW") returned 0x7733f100 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileType") returned 0x7733ef60 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="QueryDosDeviceW") returned 0x7733f080 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="GetACP") returned 0x772e4ca0 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="CloseHandle") returned 0x7733eab0 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="LocalFree") returned 0x772e5b40 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcessId") returned 0x7733ea20 [0069.848] GetProcAddress (hModule=0x772d0000, lpProcName="SizeofResource") returned 0x772e6740 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualProtect") returned 0x772e6a30 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceFrequency") returned 0x772e5dc0 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="IsDebuggerPresent") returned 0x772e5930 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="FindNextFileW") returned 0x7733ee40 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualFree") returned 0x772e69d0 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="GetFullPathNameW") returned 0x7733efa0 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="ExitProcess") returned 0x772e3cb0 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="HeapAlloc") returned 0x779b2dc0 [0069.849] GetProcAddress (hModule=0x772d0000, lpProcName="GetCPInfoExW") returned 0x772e4d30 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="RtlUnwind") returned 0x772e7c10 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="GetCPInfo") returned 0x772e4d10 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="EnumSystemLocalesW") returned 0x772e49c0 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="GetStdHandle") returned 0x772e5330 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="GetTimeZoneInformation") returned 0x772e5650 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="FileTimeToLocalFileTime") returned 0x7733ed60 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleHandleW") returned 0x772e50d0 [0069.850] GetProcAddress (hModule=0x772d0000, lpProcName="FreeLibrary") returned 0x772e4c40 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="TryEnterCriticalSection") returned 0x779caae0 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="HeapDestroy") returned 0x772e57d0 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="FileTimeToDosDateTime") returned 0x77321eb0 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="ReadFile") returned 0x7733f090 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="HeapSize") returned 0x779ca790 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="GetLastError") returned 0x772e5010 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="GetModuleFileNameW") returned 0x772e5090 [0069.851] GetProcAddress (hModule=0x772d0000, lpProcName="SetLastError") returned 0x772e4f00 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="FindResourceW") returned 0x772e4aa0 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="CreateThread") returned 0x772e46b0 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="CompareStringW") returned 0x772e4430 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="CopyFileW") returned 0x7733f3b0 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="MapViewOfFile") returned 0x772e5be0 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="CreateMutexW") returned 0x7733eb70 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryA") returned 0x772e5a80 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="ResetEvent") returned 0x7733ec40 [0069.852] GetProcAddress (hModule=0x772d0000, lpProcName="GetVolumeInformationW") returned 0x7733f020 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="FreeResource") returned 0x772e4c80 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="GetDriveTypeW") returned 0x7733eed0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="GetVersion") returned 0x772e56c0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="RaiseException") returned 0x772e5e20 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="FormatMessageW") returned 0x772e4be0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="SwitchToThread") returned 0x772e6790 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="GetExitCodeThread") returned 0x772e4ff0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentThread") returned 0x772e8810 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryExW") returned 0x772e5ac0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="LockResource") returned 0x772e5bc0 [0069.853] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentThreadId") returned 0x772e8820 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="UnhandledExceptionFilter") returned 0x772e68d0 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualQuery") returned 0x772e6a70 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualQueryEx") returned 0x772e6a90 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="Sleep") returned 0x772e6760 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="EnterCriticalSection") returned 0x779bb2d0 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="SetFilePointer") returned 0x7733f120 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="LoadResource") returned 0x772e5b00 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="SuspendThread") returned 0x772e6770 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="GetTickCount") returned 0x7733dd50 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileSize") returned 0x7733ef30 [0069.854] GetProcAddress (hModule=0x772d0000, lpProcName="GetStartupInfoW") returned 0x772e5320 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileAttributesW") returned 0x7733ef10 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="InitializeCriticalSection") returned 0x779caf20 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetThreadPriority") returned 0x772e5610 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetCurrentProcess") returned 0x7733ea10 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadPriority") returned 0x772e66c0 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="VirtualAlloc") returned 0x772e6970 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetCommandLineW") returned 0x772e4cc0 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetSystemInfo") returned 0x772e54d0 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetTempPathW") returned 0x7733eff0 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="LeaveCriticalSection") returned 0x779bb250 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="GetProcAddress") returned 0x772e51b0 [0069.855] GetProcAddress (hModule=0x772d0000, lpProcName="ResumeThread") returned 0x772e6380 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalDriveStringsW") returned 0x7733efb0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetVersionExW") returned 0x772e56f0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="VerifyVersionInfoW") returned 0x773226c0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="HeapCreate") returned 0x772e57b0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetDiskFreeSpaceW") returned 0x7733eeb0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="VerSetConditionMask") returned 0x779d48b0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="FindFirstFileW") returned 0x7733edf0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetUserDefaultUILanguage") returned 0x772e56b0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetConsoleOutputCP") returned 0x7733f460 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="UnmapViewOfFile") returned 0x772e68f0 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="GetConsoleCP") returned 0x7733f440 [0069.856] GetProcAddress (hModule=0x772d0000, lpProcName="lstrlenW") returned 0x772e6c70 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="SetEndOfFile") returned 0x7733f0e0 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="QueryPerformanceCounter") returned 0x772e5da0 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="HeapFree") returned 0x772e57f0 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="WideCharToMultiByte") returned 0x772e6b10 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="FindClose") returned 0x7733ed70 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="MultiByteToWideChar") returned 0x772e5c40 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="LoadLibraryW") returned 0x772e5ae0 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="SetEvent") returned 0x7733ec50 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="GetLocaleInfoW") returned 0x772e5040 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileW") returned 0x7733ed10 [0069.857] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteFileW") returned 0x7733ed40 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="IsDBCSLeadByteEx") returned 0x772e5910 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="GetEnvironmentVariableW") returned 0x772e4fb0 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="GetLocalTime") returned 0x772e5060 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="WaitForSingleObject") returned 0x7733eca0 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="WriteFile") returned 0x7733f180 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="CreateFileMappingW") returned 0x772e44b0 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="ExitThread") returned 0x779d6390 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="DeleteCriticalSection") returned 0x7799fb90 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="GetDateFormatW") returned 0x772e7740 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="TlsGetValue") returned 0x772e6850 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="SetErrorMode") returned 0x772e6500 [0069.858] GetProcAddress (hModule=0x772d0000, lpProcName="IsValidLocale") returned 0x772e5a00 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="TlsSetValue") returned 0x772e6870 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="GetSystemDefaultUILanguage") returned 0x772e53f0 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="EnumCalendarInfoW") returned 0x772e4800 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="LocalAlloc") returned 0x772e5b20 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="RemoveDirectoryW") returned 0x7733f0d0 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="CreateEventW") returned 0x7733eb30 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadLocale") returned 0x772e6fc0 [0069.859] GetProcAddress (hModule=0x772d0000, lpProcName="GetThreadLocale") returned 0x772e5600 [0069.859] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x756e0000 [0069.859] GetProcAddress (hModule=0x756e0000, lpProcName="RegSetValueExW") returned 0x756ff530 [0069.860] GetProcAddress (hModule=0x756e0000, lpProcName="InitializeAcl") returned 0x756ff850 [0069.860] GetProcAddress (hModule=0x756e0000, lpProcName="RegQueryValueExW") returned 0x756fe5a0 [0069.860] GetProcAddress (hModule=0x756e0000, lpProcName="SetKernelObjectSecurity") returned 0x75700980 [0069.861] GetProcAddress (hModule=0x756e0000, lpProcName="InitializeSecurityDescriptor") returned 0x756ff870 [0069.861] GetProcAddress (hModule=0x756e0000, lpProcName="RegCloseKey") returned 0x756fed60 [0069.861] GetProcAddress (hModule=0x756e0000, lpProcName="RegCreateKeyExW") returned 0x756ff4f0 [0069.861] GetProcAddress (hModule=0x756e0000, lpProcName="SetSecurityDescriptorDacl") returned 0x756ff6c0 [0069.861] GetProcAddress (hModule=0x756e0000, lpProcName="RegOpenKeyExW") returned 0x756fe580 [0069.861] LoadLibraryA (lpLibFileName="netapi32.dll") returned 0x73fe0000 [0069.861] GetProcAddress (hModule=0x73fe0000, lpProcName="NetWkstaGetInfo") returned 0x73fe1b10 [0069.861] GetProcAddress (hModule=0x73fe0000, lpProcName="NetApiBufferFree") returned 0x73fd17c0 [0070.438] LoadLibraryA (lpLibFileName="oleaut32.dll") returned 0x77440000 [0070.438] GetProcAddress (hModule=0x77440000, lpProcName="SysAllocStringLen") returned 0x7745b7e0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SafeArrayPtrOfIndex") returned 0x77466670 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="VariantCopy") returned 0x77479dc0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SafeArrayGetLBound") returned 0x77465ea0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SafeArrayGetUBound") returned 0x77465460 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="VariantInit") returned 0x77479de0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="VariantClear") returned 0x77479db0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SysFreeString") returned 0x7745b920 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SysReAllocStringLen") returned 0x77461500 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="VariantChangeType") returned 0x7745a5e0 [0070.439] GetProcAddress (hModule=0x77440000, lpProcName="SafeArrayCreate") returned 0x77460340 [0070.439] LoadLibraryA (lpLibFileName="user32.dll") returned 0x750c0000 [0070.439] GetProcAddress (hModule=0x750c0000, lpProcName="CharUpperBuffW") returned 0x75137670 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="CharNextW") returned 0x750f1130 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="MsgWaitForMultipleObjects") returned 0x750eeca0 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="CharLowerBuffW") returned 0x750e34a0 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="LoadStringW") returned 0x750f0480 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="CharUpperW") returned 0x750f0f70 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="PeekMessageW") returned 0x750ed180 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="SystemParametersInfoW") returned 0x750ef210 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="GetSystemMetrics") returned 0x750eddc0 [0070.440] GetProcAddress (hModule=0x750c0000, lpProcName="MessageBoxW") returned 0x7512db70 [0070.440] LoadLibraryA (lpLibFileName="version.dll") returned 0x742d0000 [0070.440] GetProcAddress (hModule=0x742d0000, lpProcName="GetFileVersionInfoSizeW") returned 0x742d1570 [0070.441] GetProcAddress (hModule=0x742d0000, lpProcName="VerQueryValueW") returned 0x742d1510 [0070.441] GetProcAddress (hModule=0x742d0000, lpProcName="GetFileVersionInfoW") returned 0x742d1590 [0070.441] LoadLibraryA (lpLibFileName="wininet.dll") returned 0x74000000 [0070.441] GetProcAddress (hModule=0x74000000, lpProcName="InternetCloseHandle") returned 0x7410d000 [0070.441] GetProcAddress (hModule=0x74000000, lpProcName="InternetOpenW") returned 0x7411e9e0 [0070.441] GetProcAddress (hModule=0x74000000, lpProcName="InternetOpenUrlW") returned 0x741ff3b0 [0070.441] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x2) returned 1 [0070.441] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19ff60 | out: lpflOldProtect=0x19ff60*=0x4) returned 1 [0070.506] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0070.939] SetThreadLocale (Locale=0x400) returned 1 [0071.342] GetVersion () returned 0x23f00206 [0071.364] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0071.365] GetProcAddress (hModule=0x772d0000, lpProcName="GetThreadPreferredUILanguages") returned 0x772e7250 [0071.365] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0071.365] GetProcAddress (hModule=0x772d0000, lpProcName="SetThreadPreferredUILanguages") returned 0x772e4f10 [0071.365] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0071.365] GetProcAddress (hModule=0x772d0000, lpProcName="GetThreadUILanguage") returned 0x772e7290 [0071.441] GetSystemInfo (in: lpSystemInfo=0x19fc64 | out: lpSystemInfo=0x19fc64*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0071.899] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe\" " [0071.899] GetStartupInfoW (in: lpStartupInfo=0x19fc40 | out: lpStartupInfo=0x19fc40*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0071.899] GetACP () returned 0x4e4 [0071.899] GetCurrentThreadId () returned 0x1130 [0071.899] GetVersion () returned 0x23f00206 [0071.916] GetVersionExW (in: lpVersionInformation=0x19fb84*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x772e7290, dwBuildNumber=0x40d0a0, dwPlatformId=0x19fbd0, szCSDVersion="") | out: lpVersionInformation=0x19fb84*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0072.103] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x19da44, nSize=0x20a | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0072.103] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19d82e, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0072.164] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x2410000 [0072.498] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19d7a8 | out: phkResult=0x19d7a8*=0x0) returned 0x2 [0072.499] GetUserDefaultUILanguage () returned 0x409 [0072.500] IsValidLocale (Locale=0x409, dwFlags=0x2) returned 1 [0072.500] GetThreadUILanguage () returned 0x190409 [0072.500] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d784, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d7ac | out: pulNumLanguages=0x19d784, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x19d7ac) returned 1 [0072.500] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x19d784, pwszLanguagesBuffer=0x25419b0, pcchLanguagesBuffer=0x19d7ac | out: pulNumLanguages=0x19d784, pwszLanguagesBuffer=0x25419b0, pcchLanguagesBuffer=0x19d7ac) returned 1 [0072.501] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.en-US", lpFindFileData=0x19d54c | out: lpFindFileData=0x19d54c*(dwFileAttributes=0x779e9fd0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x101fffe, ftLastAccessTime.dwLowDateTime=0x1e00001e, ftLastAccessTime.dwHighDateTime=0x90e968, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x911ed0, nFileSizeHigh=0x900000, nFileSizeLow=0xc0000000, dwReserved0=0x911cf0, dwReserved1=0x0, cFileName="\x17", cAlternateFileName="㍜ɓ늀@4")) returned 0xffffffff [0072.989] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.en", lpFindFileData=0x19d54c | out: lpFindFileData=0x19d54c*(dwFileAttributes=0x779e9fd0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x101fffe, ftLastAccessTime.dwLowDateTime=0x1e00001e, ftLastAccessTime.dwHighDateTime=0x90e968, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x911ed0, nFileSizeHigh=0x900000, nFileSizeLow=0xc0000000, dwReserved0=0x911cf0, dwReserved1=0x0, cFileName="\x17", cAlternateFileName="蹬ɔ늀@4")) returned 0xffffffff [0072.989] GetUserDefaultUILanguage () returned 0x409 [0072.989] GetLocaleInfoW (in: Locale=0x409, LCType=0x3, lpLCData=0x19d7c8, cchData=4 | out: lpLCData="ENU") returned 4 [0072.989] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.ENU", lpFindFileData=0x19d554 | out: lpFindFileData=0x19d554*(dwFileAttributes=0x101fffe, ftCreationTime.dwLowDateTime=0x1e00001e, ftCreationTime.dwHighDateTime=0x90e968, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x911ed0, ftLastWriteTime.dwLowDateTime=0x900000, ftLastWriteTime.dwHighDateTime=0xc0000000, nFileSizeHigh=0x911cf0, nFileSizeLow=0x0, dwReserved0=0x17, dwReserved1=0x779b2dfe, cFileName="\x09Ā\x17", cAlternateFileName="蹬ɔ늀@4")) returned 0xffffffff [0072.990] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.EN", lpFindFileData=0x19d554 | out: lpFindFileData=0x19d554*(dwFileAttributes=0x101fffe, ftCreationTime.dwLowDateTime=0x1e00001e, ftCreationTime.dwHighDateTime=0x90e968, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x911ed0, ftLastWriteTime.dwLowDateTime=0x900000, ftLastWriteTime.dwHighDateTime=0xc0000000, nFileSizeHigh=0x911cf0, nFileSizeLow=0x0, dwReserved0=0x17, dwReserved1=0x779b2dfe, cFileName="\x09Ā\x17", cAlternateFileName="蹬ɔ늀@4")) returned 0xffffffff [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffcf, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Method called on disposed object") returned 0x20 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffce, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Feature not implemented") returned 0x17 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffcd, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Monitor support function not initialized") returned 0x28 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffcc, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Object lock not owned") returned 0x15 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffcb, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Exception in safecall method") returned 0x1c [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffca, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Interface not supported") returned 0x17 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffc8, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="External exception %x") returned 0x15 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffc9, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Assertion failed") returned 0x10 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffd7, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffc4, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid argument") returned 0x10 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffd6, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffd0, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0072.990] LoadStringW (in: hInstance=0x400000, uID=0xffda, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid variant operation") returned 0x19 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffd9, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe9, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Stack overflow") returned 0xe [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffea, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Control-C hit") returned 0xd [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffeb, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Privileged instruction") returned 0x16 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe8, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Access violation") returned 0x10 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe6, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid class typecast") returned 0x16 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe4, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Floating point underflow") returned 0x18 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe3, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Floating point overflow") returned 0x17 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe2, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Floating point division by zero") returned 0x1f [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe1, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffe0, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Integer overflow") returned 0x10 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xffff, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Range check error") returned 0x11 [0072.991] LoadStringW (in: hInstance=0x400000, uID=0xfffe, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Division by zero") returned 0x10 [0073.028] LoadStringW (in: hInstance=0x400000, uID=0xfff5, lpBuffer=0x19dc6c, cchBufferMax=4096 | out: lpBuffer="Out of memory") returned 0xd [0073.028] LoadStringW (in: hInstance=0x400000, uID=0xffe5, lpBuffer=0x19dc6c, cchBufferMax=4096 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0073.028] GetVersionExW (in: lpVersionInformation=0x19fb80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x19fb80*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.063] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x772d0000 [0073.063] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x915490 [0073.063] GetProcAddress (hModule=0x772d0000, lpProcName="GetNativeSystemInfo") returned 0x772e5130 [0073.063] GetNativeSystemInfo (in: lpSystemInfo=0x19fb5c | out: lpSystemInfo=0x19fb5c*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0073.365] GetFileVersionInfoSizeW (in: lptstrFilename="kernel32.dll", lpdwHandle=0x19fb38 | out: lpdwHandle=0x19fb38) returned 0x72c [0073.375] GetFileVersionInfoW (in: lptstrFilename="kernel32.dll", dwHandle=0x0, dwLen=0x72c, lpData=0x24f8800 | out: lpData=0x24f8800) returned 1 [0073.375] VerQueryValueW (in: pBlock=0x24f8800, lpSubBlock="\\", lplpBuffer=0x19fb30, puLen=0x19fb2c | out: lplpBuffer=0x19fb30*=0x24f8828, puLen=0x19fb2c) returned 1 [0073.375] LoadStringW (in: hInstance=0x400000, uID=0xff4f, lpBuffer=0x19db44, cchBufferMax=4096 | out: lpBuffer="Windows") returned 0x7 [0073.375] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x80) returned 0x200000 [0073.375] VerifyVersionInfoW (in: lpVersionInformation=0x19fa24, dwTypeMask=0x80, dwlConditionMask=0x200000 | out: lpVersionInformation=0x19fa24) returned 1 [0073.375] LoadStringW (in: hInstance=0x400000, uID=0xff3d, lpBuffer=0x19db44, cchBufferMax=4096 | out: lpBuffer="Windows 10") returned 0xa [0073.375] LoadStringW (in: hInstance=0x400000, uID=0xfffd, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="Invalid numeric input") returned 0x15 [0073.375] LoadStringW (in: hInstance=0x400000, uID=0xfffc, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="Disk full") returned 0x9 [0073.375] LoadStringW (in: hInstance=0x400000, uID=0xfffb, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="Read beyond end of file") returned 0x17 [0073.376] LoadStringW (in: hInstance=0x400000, uID=0xfffa, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="File access denied") returned 0x12 [0073.376] LoadStringW (in: hInstance=0x400000, uID=0xfff9, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="Too many open files") returned 0x13 [0073.376] LoadStringW (in: hInstance=0x400000, uID=0xfff8, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="Invalid filename") returned 0x10 [0073.376] LoadStringW (in: hInstance=0x400000, uID=0xfff7, lpBuffer=0x19dc64, cchBufferMax=4096 | out: lpBuffer="File not found") returned 0xe [0073.376] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19fa4a, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0073.376] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.376] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Embarcadero\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.376] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.376] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\CodeGear\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.376] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.376] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x19fc58 | out: phkResult=0x19fc58*=0x0) returned 0x2 [0073.435] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0073.435] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalProcessorInformation") returned 0x772e71b0 [0073.435] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x772d0000 [0073.435] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x9154a0 [0073.436] GetProcAddress (hModule=0x772d0000, lpProcName="GetLogicalProcessorInformation") returned 0x772e71b0 [0073.436] GetLogicalProcessorInformation (in: Buffer=0x0, ReturnedLength=0x19fc3c | out: Buffer=0x0, ReturnedLength=0x19fc3c) returned 0 [0073.667] GetLastError () returned 0x7a [0073.668] GetLogicalProcessorInformation (in: Buffer=0x24f14d0, ReturnedLength=0x19fc3c | out: Buffer=0x24f14d0, ReturnedLength=0x19fc3c) returned 1 [0073.668] GetCurrentThreadId () returned 0x1130 [0073.668] GetCurrentThreadId () returned 0x1130 [0073.668] GetVersionExW (in: lpVersionInformation=0x19fb4c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x90b0e0, dwMinorVersion=0x89ea9c7f, dwBuildNumber=0x19fb8c, dwPlatformId=0x74ca9861, szCSDVersion="") | out: lpVersionInformation=0x19fb4c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0073.668] GetCurrentThreadId () returned 0x1130 [0073.668] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0073.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CompareStringOrdinal", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0073.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CompareStringOrdinal", cchWideChar=20, lpMultiByteStr=0x25080dc, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareStringOrdinal", lpUsedDefaultChar=0x0) returned 20 [0073.668] GetProcAddress (hModule=0x772d0000, lpProcName="CompareStringOrdinal") returned 0x772e7070 [0073.668] GetThreadLocale () returned 0x409 [0073.668] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x19fb90 | out: lpCPInfo=0x19fb90) returned 1 [0073.701] IsValidLocale (Locale=0x409, dwFlags=0x1) returned 1 [0073.701] GetCurrentThreadId () returned 0x1130 [0073.701] GetCurrentThreadId () returned 0x1130 [0073.701] GetLocaleInfoW (in: Locale=0x409, LCType=0x100b, lpLCData=0x19f90c, cchData=256 | out: lpLCData="2") returned 2 [0073.757] GetThreadLocale () returned 0x409 [0073.757] EnumCalendarInfoW (lpCalInfoEnumProc=0x427e50, Locale=0x409, Calendar=0x2, CalType=0x4) returned 1 [0073.758] GetThreadLocale () returned 0x409 [0073.758] EnumCalendarInfoW (lpCalInfoEnumProc=0x427ee8, Locale=0x409, Calendar=0x2, CalType=0x3) returned 1 [0073.758] GetCurrentThreadId () returned 0x1130 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Sun") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x30, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Sunday") returned 7 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Mon") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2a, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Monday") returned 7 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Tue") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2b, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Tuesday") returned 8 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Wed") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2c, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Wednesday") returned 10 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Thu") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2d, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Thursday") returned 9 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Fri") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2e, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Friday") returned 7 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Sat") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x2f, lpLCData=0x19f8f4, cchData=256 | out: lpLCData="Saturday") returned 9 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x44, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Jan") returned 4 [0073.759] GetLocaleInfoW (in: Locale=0x409, LCType=0x38, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="January") returned 8 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x45, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Feb") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x39, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="February") returned 9 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x46, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Mar") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3a, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="March") returned 6 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x47, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Apr") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3b, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="April") returned 6 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x48, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="May") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3c, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="May") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x49, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Jun") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3d, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="June") returned 5 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x4a, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Jul") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3e, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="July") returned 5 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x4b, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Aug") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x3f, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="August") returned 7 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x4c, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Sep") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x40, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="September") returned 10 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x4d, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Oct") returned 4 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x41, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="October") returned 8 [0073.760] GetLocaleInfoW (in: Locale=0x409, LCType=0x4e, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Nov") returned 4 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x42, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="November") returned 9 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x4f, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="Dec") returned 4 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x43, lpLCData=0x19f8f8, cchData=256 | out: lpLCData="December") returned 9 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x14, lpLCData=0x19f948, cchData=256 | out: lpLCData="$") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1b, lpLCData=0x19f948, cchData=256 | out: lpLCData="0") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1c, lpLCData=0x19f948, cchData=256 | out: lpLCData="0") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x19fb40, cchData=2 | out: lpLCData=",") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x19fb40, cchData=2 | out: lpLCData=".") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x19, lpLCData=0x19f948, cchData=256 | out: lpLCData="2") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x19fb40, cchData=2 | out: lpLCData="/") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1f, lpLCData=0x19f904, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f904, cchData=256 | out: lpLCData="1") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x20, lpLCData=0x19f904, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1009, lpLCData=0x19f904, cchData=256 | out: lpLCData="1") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x19fb40, cchData=2 | out: lpLCData=":") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x28, lpLCData=0x19f948, cchData=256 | out: lpLCData="AM") returned 3 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x29, lpLCData=0x19f948, cchData=256 | out: lpLCData="PM") returned 3 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x25, lpLCData=0x19f948, cchData=256 | out: lpLCData="0") returned 2 [0073.761] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x19f948, cchData=256 | out: lpLCData="0") returned 2 [0073.762] GetLocaleInfoW (in: Locale=0x409, LCType=0x1005, lpLCData=0x19f948, cchData=256 | out: lpLCData="0") returned 2 [0073.762] GetLocaleInfoW (in: Locale=0x409, LCType=0xc, lpLCData=0x19fb40, cchData=2 | out: lpLCData=",") returned 2 [0073.785] GetModuleHandleW (lpModuleName="oleaut32.dll") returned 0x77440000 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VariantChangeTypeEx") returned 0x7745a610 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarNeg") returned 0x774a52c0 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarNot") returned 0x774a6560 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarAdd") returned 0x7747d610 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarSub") returned 0x7747e3e0 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarMul") returned 0x7747db10 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarDiv") returned 0x774a5800 [0073.786] GetProcAddress (hModule=0x77440000, lpProcName="VarIdiv") returned 0x774a61a0 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarMod") returned 0x774a6400 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarAnd") returned 0x77473200 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarOr") returned 0x774a6610 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarXor") returned 0x774a67b0 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarCmp") returned 0x774660b0 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarI4FromStr") returned 0x77466ec0 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarR4FromStr") returned 0x77473010 [0073.787] GetProcAddress (hModule=0x77440000, lpProcName="VarR8FromStr") returned 0x77473630 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarDateFromStr") returned 0x77468b90 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarCyFromStr") returned 0x77452d90 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarBoolFromStr") returned 0x774648f0 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarBstrFromCy") returned 0x77467f50 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarBstrFromDate") returned 0x774689c0 [0073.788] GetProcAddress (hModule=0x77440000, lpProcName="VarBstrFromBool") returned 0x774648a0 [0073.818] VarBstrFromBool (in: boolIn=0, lcid=0x400, dwFlags=0x0, pbstrOut=0x19fc80 | out: pbstrOut=0x19fc80*="False") returned 0x0 [0073.854] CharLowerBuffW (in: lpsz="False", cchLength=0x5 | out: lpsz="false") returned 0x5 [0073.856] CharUpperBuffW (in: lpsz="False", cchLength=0x5 | out: lpsz="FALSE") returned 0x5 [0073.856] VarBstrFromBool (in: boolIn=1, lcid=0x400, dwFlags=0x0, pbstrOut=0x19fc80 | out: pbstrOut=0x19fc80*="True") returned 0x0 [0073.856] CharLowerBuffW (in: lpsz="True", cchLength=0x4 | out: lpsz="true") returned 0x4 [0073.856] CharUpperBuffW (in: lpsz="True", cchLength=0x4 | out: lpsz="TRUE") returned 0x4 [0074.100] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x158 [0074.170] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x15c [0074.170] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x160 [0074.353] LoadStringW (in: hInstance=0x400000, uID=0xff25, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid time Offset string: %s") returned 0x1e [0074.353] LoadStringW (in: hInstance=0x400000, uID=0xff24, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid time string: %s") returned 0x17 [0074.353] LoadStringW (in: hInstance=0x400000, uID=0xff23, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Invalid date string: %s") returned 0x17 [0074.353] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc70 | out: lpPerformanceCount=0x19fc70*=16941348145) returned 1 [0074.560] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x772d0000 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="InitializeConditionVariable", cchWideChar=27, lpMultiByteStr=0x250f4ec, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeConditionVariable", lpUsedDefaultChar=0x0) returned 27 [0074.560] GetProcAddress (hModule=0x772d0000, lpProcName="InitializeConditionVariable") returned 0x779d3a00 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeConditionVariable", cchWideChar=21, lpMultiByteStr=0x2508244, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeConditionVariable", lpUsedDefaultChar=0x0) returned 21 [0074.560] GetProcAddress (hModule=0x772d0000, lpProcName="WakeConditionVariable") returned 0x77a48c50 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0074.560] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="WakeAllConditionVariable", cchWideChar=24, lpMultiByteStr=0x250f4ec, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WakeAllConditionVariable", lpUsedDefaultChar=0x0) returned 24 [0074.561] GetProcAddress (hModule=0x772d0000, lpProcName="WakeAllConditionVariable") returned 0x779d8a90 [0074.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0074.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SleepConditionVariableCS", cchWideChar=24, lpMultiByteStr=0x250f4ec, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SleepConditionVariableCS", lpUsedDefaultChar=0x0) returned 24 [0074.561] GetProcAddress (hModule=0x772d0000, lpProcName="SleepConditionVariableCS") returned 0x74d2fca0 [0074.630] GetModuleHandleW (lpModuleName="Kernel32.dll") returned 0x772d0000 [0074.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0074.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="GetFileSizeEx", cchWideChar=13, lpMultiByteStr=0x24ea82c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetFileSizeEx", lpUsedDefaultChar=0x0) returned 13 [0074.630] GetProcAddress (hModule=0x772d0000, lpProcName="GetFileSizeEx") returned 0x7733ef40 [0074.677] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x860000 [0075.103] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x24e2e7c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\") returned 0x23 [0075.297] GetACP () returned 0x4e4 [0075.318] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19fc40 | out: lpCPInfo=0x19fc40) returned 1 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff16, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="%s") returned 0x2 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff15, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Disconnected.") returned 0xd [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff14, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Disconnecting.") returned 0xe [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff13, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Connected.") returned 0xa [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff12, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Connecting to %s.") returned 0x11 [0075.318] LoadStringW (in: hInstance=0x400000, uID=0xff11, lpBuffer=0x19dc74, cchBufferMax=4096 | out: lpBuffer="Resolving hostname %s.") returned 0x16 [0076.440] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=1, lpName="8976453606432") returned 0x164 [0076.677] GetLastError () returned 0x0 [0076.677] IsDebuggerPresent () returned 0 [0076.999] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20019, phkResult=0x19fc90 | out: phkResult=0x19fc90*=0x168) returned 0x0 [0077.000] RegQueryValueExW (in: hKey=0x168, lpValueName="pora", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x2 [0077.000] RegCloseKey (hKey=0x168) returned 0x0 [0077.306] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0x19fc58, lpdwDisposition=0x19fc5c | out: phkResult=0x19fc58*=0x168, lpdwDisposition=0x19fc5c*=0x2) returned 0x0 [0077.307] RegSetValueExW (in: hKey=0x168, lpValueName="pora", Reserved=0x0, dwType=0x1, lpData="123", cbData=0x8 | out: lpData="123") returned 0x0 [0077.311] RegCloseKey (hKey=0x168) returned 0x0 [0077.311] GetEnvironmentVariableW (in: lpName="USERNAME", lpBuffer=0x19e19c, nSize=0x400 | out: lpBuffer="FD1HVy") returned 0x6 [0077.311] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\keys.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\keys.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0077.314] GetFileType (hFile=0x168) returned 0x1 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CWBD-XX9N-BBT3-35UJ-5TS2", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CWBD-XX9N-BBT3-35UJ-5TS2", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CWBD-XX9N-BBT3-35UJ-5TS2", lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="E43T-XKCJ-674F-92TA-CGEU", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="E43T-XKCJ-674F-92TA-CGEU", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="E43T-XKCJ-674F-92TA-CGEU", lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="5WJC-X348-JESP-UTHS-XMMM", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="5WJC-X348-JESP-UTHS-XMMM", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5WJC-X348-JESP-UTHS-XMMM", lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="9CEB-X9DV-58TC-GPDT-235E", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0077.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="9CEB-X9DV-58TC-GPDT-235E", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9CEB-X9DV-58TC-GPDT-235E", lpUsedDefaultChar=0x0) returned 24 [0077.314] WriteFile (in: hFile=0x168, lpBuffer=0x19fc28*, nNumberOfBytesToWrite=0x68, lpNumberOfBytesWritten=0x19e998, lpOverlapped=0x0 | out: lpBuffer=0x19fc28*, lpNumberOfBytesWritten=0x19e998*=0x68, lpOverlapped=0x0) returned 1 [0077.316] CloseHandle (hObject=0x168) returned 1 [0077.317] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19e9d6, nSize=0x1002 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0077.318] LoadLibraryW (lpLibFileName="shell32.dll") returned 0x75760000 [0090.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ShellExecuteW", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0090.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="ShellExecuteW", cchWideChar=13, lpMultiByteStr=0x24ea92c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExecuteW", lpUsedDefaultChar=0x0) returned 13 [0090.125] GetProcAddress (hModule=0x75760000, lpProcName="ShellExecuteW") returned 0x758c42e0 [0090.125] ShellExecuteW (hwnd=0x0, lpOperation=0x0, lpFile="cmd", lpParameters="/c %temp%\\keys.txt", lpDirectory=0x0, nShowCmd=0) returned 0x2a [0122.238] GetCurrentProcess () returned 0xffffffff [0122.238] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x19f8a0, dwRevision=0x1 | out: pSecurityDescriptor=0x19f8a0) returned 1 [0122.255] InitializeAcl (in: pAcl=0x19f8b4, nAclLength=0x400, dwAclRevision=0x2 | out: pAcl=0x19f8b4) returned 1 [0122.255] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x19f8a0, bDaclPresent=1, pDacl=0x19f8b4, bDaclDefaulted=0 | out: pSecurityDescriptor=0x19f8a0) returned 1 [0122.256] SetKernelObjectSecurity (Handle=0xffffffff, SecurityInformation=0x4, SecurityDescriptor=0x19f8a0) returned 1 [0122.256] GetCurrentThread () returned 0xfffffffe [0122.256] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x19f8a0, dwRevision=0x1 | out: pSecurityDescriptor=0x19f8a0) returned 1 [0122.256] InitializeAcl (in: pAcl=0x19f8b4, nAclLength=0x400, dwAclRevision=0x2 | out: pAcl=0x19f8b4) returned 1 [0122.256] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x19f8a0, bDaclPresent=1, pDacl=0x19f8b4, bDaclDefaulted=0 | out: pSecurityDescriptor=0x19f8a0) returned 1 [0122.256] SetKernelObjectSecurity (Handle=0xfffffffe, SecurityInformation=0x4, SecurityDescriptor=0x19f8a0) returned 1 [0122.256] QueryPerformanceFrequency (in: lpFrequency=0x5727e8 | out: lpFrequency=0x5727e8*=100000000) returned 1 [0122.256] QueryPerformanceCounter (in: lpPerformanceCount=0x5727f0 | out: lpPerformanceCount=0x5727f0*=21923244600) returned 1 [0124.326] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19faa8, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0125.305] FindResourceW (hModule=0x400000, lpName="dll", lpType="EXEFILE") returned 0x7250c0 [0125.306] LoadResource (hModule=0x400000, hResInfo=0x7250c0) returned 0x59b904 [0125.306] SizeofResource (hModule=0x400000, hResInfo=0x7250c0) returned 0x120000 [0125.306] LockResource (hResData=0x59b904) returned 0x59b904 [0125.545] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\libeay32.dll" (normalized: "c:\\users\\fd1hvy\\desktop\\libeay32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0128.094] WriteFile (in: hFile=0x224, lpBuffer=0x59b904*, nNumberOfBytesToWrite=0x120000, lpNumberOfBytesWritten=0x19fc44, lpOverlapped=0x0 | out: lpBuffer=0x59b904*, lpNumberOfBytesWritten=0x19fc44*=0x120000, lpOverlapped=0x0) returned 1 [0128.240] CloseHandle (hObject=0x224) returned 1 [0129.422] FreeResource (hResData=0x59b904) returned 0 [0129.422] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19faa8, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0129.422] FindResourceW (hModule=0x400000, lpName="dll2", lpType="EXEFILE") returned 0x7250e8 [0129.422] LoadResource (hModule=0x400000, hResInfo=0x7250e8) returned 0x6bb904 [0129.422] SizeofResource (hModule=0x400000, hResInfo=0x7250e8) returned 0x43000 [0129.422] LockResource (hResData=0x6bb904) returned 0x6bb904 [0129.422] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ssleay32.dll" (normalized: "c:\\users\\fd1hvy\\desktop\\ssleay32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0129.517] WriteFile (in: hFile=0x224, lpBuffer=0x6bb904*, nNumberOfBytesToWrite=0x43000, lpNumberOfBytesWritten=0x19fc44, lpOverlapped=0x0 | out: lpBuffer=0x6bb904*, lpNumberOfBytesWritten=0x19fc44*=0x43000, lpOverlapped=0x0) returned 1 [0129.529] CloseHandle (hObject=0x224) returned 1 [0129.959] FreeResource (hResData=0x6bb904) returned 0 [0129.959] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=22486526910) returned 1 [0129.976] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f4b0, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0129.976] FindResourceW (hModule=0x400000, lpName="pb3", lpType="EXEFILE") returned 0x725188 [0129.976] LoadResource (hModule=0x400000, hResInfo=0x725188) returned 0x71a618 [0129.976] SizeofResource (hModule=0x400000, hResInfo=0x725188) returned 0x8a [0129.977] LockResource (hResData=0x71a618) returned 0x71a618 [0129.977] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0130.841] WriteFile (in: hFile=0x224, lpBuffer=0x71a618*, nNumberOfBytesToWrite=0x8a, lpNumberOfBytesWritten=0x19fc44, lpOverlapped=0x0 | out: lpBuffer=0x71a618*, lpNumberOfBytesWritten=0x19fc44*=0x8a, lpOverlapped=0x0) returned 1 [0130.843] CloseHandle (hObject=0x224) returned 1 [0130.849] FreeResource (hResData=0x71a618) returned 0 [0130.849] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19faa8, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0130.849] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\libeay32.dll" (normalized: "c:\\users\\fd1hvy\\desktop\\libeay32.dll")) returned 0x20 [0130.849] SetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\libeay32.dll", dwFileAttributes=0x3) returned 1 [0130.850] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x19faa8, nSize=0x105 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\Ключи активации на 365 дней.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\Ключи активации на 365 дней.exe")) returned 0x37 [0130.850] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ssleay32.dll" (normalized: "c:\\users\\fd1hvy\\desktop\\ssleay32.dll")) returned 0x20 [0130.850] SetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\ssleay32.dll", dwFileAttributes=0x3) returned 1 [0131.590] SetLastError (dwErrCode=0x0) [0131.590] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0131.590] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x24f3a54 | out: lpBuffer="C:\\") returned 0x4 [0131.608] SetLastError (dwErrCode=0x0) [0131.608] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x104, lpBuffer=0x19fa3c, lpFilePart=0x19fa38 | out: lpBuffer="C:\\Users\\", lpFilePart=0x19fa38*=0x0) returned 0x9 [0131.608] GetLastError () returned 0x0 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\", cchCount2=8) returned 1 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\", cchCount2=4) returned 1 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\", cchCount2=8) returned 1 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\", cchCount2=4) returned 1 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\", cchCount2=8) returned 1 [0131.904] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\", cchCount2=4) returned 1 [0131.904] GetFileAttributesW (lpFileName="C:\\Users\\" (normalized: "c:\\users")) returned 0x11 [0132.384] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x19fa04 | out: lpFindFileData=0x19fa04*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2a8 [0132.384] FileTimeToLocalFileTime (in: lpFileTime=0x19fa18, lpLocalFileTime=0x19f98c | out: lpLocalFileTime=0x19f98c) returned 1 [0132.384] FileTimeToDosDateTime (in: lpFileTime=0x19f98c, lpFatDate=0x19f9e6, lpFatTime=0x19f9e4 | out: lpFatDate=0x19f9e6, lpFatTime=0x19f9e4) returned 1 [0132.384] FindNextFileW (in: hFindFile=0x94d2a8, lpFindFileData=0x19fa04 | out: lpFindFileData=0x19fa04*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.384] FileTimeToLocalFileTime (in: lpFileTime=0x19fa18, lpLocalFileTime=0x19f988 | out: lpLocalFileTime=0x19f988) returned 1 [0132.384] FileTimeToDosDateTime (in: lpFileTime=0x19f988, lpFatDate=0x19f9e6, lpFatTime=0x19f9e4 | out: lpFatDate=0x19f9e6, lpFatTime=0x19f9e4) returned 1 [0132.384] FindNextFileW (in: hFindFile=0x94d2a8, lpFindFileData=0x19fa04 | out: lpFindFileData=0x19fa04*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0xd7b844b1, ftCreationTime.dwHighDateTime=0x1d2a02f, ftLastAccessTime.dwLowDateTime=0xd7b844b1, ftLastAccessTime.dwHighDateTime=0x1d2a02f, ftLastWriteTime.dwLowDateTime=0xd7b844b1, ftLastWriteTime.dwHighDateTime=0x1d2a02f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0132.384] FileTimeToLocalFileTime (in: lpFileTime=0x19fa18, lpLocalFileTime=0x19f988 | out: lpLocalFileTime=0x19f988) returned 1 [0132.384] FileTimeToDosDateTime (in: lpFileTime=0x19f988, lpFatDate=0x19f9e6, lpFatTime=0x19f9e4 | out: lpFatDate=0x19f9e6, lpFatTime=0x19f9e4) returned 1 [0132.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="All Users", cchCount2=8) returned 1 [0132.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="All Users", cchCount2=4) returned 1 [0132.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="All Users", cchCount2=8) returned 1 [0132.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="All Users", cchCount2=4) returned 1 [0132.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="All Users", cchCount2=8) returned 1 [0132.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="All Users", cchCount2=4) returned 1 [0132.385] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x450f4738, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0x450f4738, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d1a8 [0132.385] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d8 | out: lpLocalFileTime=0x19f6d8) returned 1 [0132.385] FileTimeToDosDateTime (in: lpFileTime=0x19f6d8, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.385] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x450f4738, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0x450f4738, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.385] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.386] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.386] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x450f4738, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x4511a9a6, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0x4511a9a6, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0132.386] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.386] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Adobe", cchCount2=4) returned 1 [0132.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Adobe", cchCount2=4) returned 1 [0132.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Adobe", cchCount2=4) returned 1 [0132.386] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x450f4738, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x4511a9a6, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0x4511a9a6, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0132.386] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0132.386] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.386] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x450f4738, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x4511a9a6, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0x4511a9a6, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.387] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0132.387] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.387] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4511a9a6, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x28e82a8b, ftLastAccessTime.dwHighDateTime=0x1d39f5e, ftLastWriteTime.dwLowDateTime=0x28e82a8b, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 1 [0132.387] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0132.387] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.387] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4511a9a6, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x28e82a8b, ftLastAccessTime.dwHighDateTime=0x1d39f5e, ftLastWriteTime.dwLowDateTime=0x28e82a8b, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0132.389] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0132.389] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.389] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4511a9a6, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x28e82a8b, ftLastAccessTime.dwHighDateTime=0x1d39f5e, ftLastWriteTime.dwLowDateTime=0x28e82a8b, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="..", cAlternateFileName="")) returned 1 [0132.389] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.389] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.389] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53050818, ftCreationTime.dwHighDateTime=0x1d35e02, ftLastAccessTime.dwLowDateTime=0xfb2ddff7, ftLastAccessTime.dwHighDateTime=0x1d35e02, ftLastWriteTime.dwLowDateTime=0x3268450e, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="Reader_15.007.20033", cAlternateFileName="READER~1.200")) returned 1 [0132.389] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.389] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.007.20033", cchCount2=8) returned 1 [0132.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.007.20033", cchCount2=4) returned 1 [0132.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.007.20033", cchCount2=8) returned 1 [0132.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.007.20033", cchCount2=4) returned 1 [0132.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.007.20033", cchCount2=8) returned 1 [0132.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.007.20033", cchCount2=4) returned 1 [0132.390] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_15.007.20033\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53050818, ftCreationTime.dwHighDateTime=0x1d35e02, ftLastAccessTime.dwLowDateTime=0xfb2ddff7, ftLastAccessTime.dwHighDateTime=0x1d35e02, ftLastWriteTime.dwLowDateTime=0x3268450e, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d3a8 [0132.392] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0132.392] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.392] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53050818, ftCreationTime.dwHighDateTime=0x1d35e02, ftLastAccessTime.dwLowDateTime=0xfb2ddff7, ftLastAccessTime.dwHighDateTime=0x1d35e02, ftLastWriteTime.dwLowDateTime=0x3268450e, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.392] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0132.392] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.392] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x53050818, ftCreationTime.dwHighDateTime=0x1d35e02, ftLastAccessTime.dwLowDateTime=0xfb2ddff7, ftLastAccessTime.dwHighDateTime=0x1d35e02, ftLastWriteTime.dwLowDateTime=0x3268450e, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.392] GetLastError () returned 0x12 [0132.392] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0132.392] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d2868f, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xa7140105, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0xa7140105, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="Reader_15.023.20070", cAlternateFileName="READER~2.200")) returned 1 [0132.392] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.392] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.023.20070", cchCount2=8) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.023.20070", cchCount2=4) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.023.20070", cchCount2=8) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.023.20070", cchCount2=4) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Reader_15.023.20070", cchCount2=8) returned 1 [0132.392] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Reader_15.023.20070", cchCount2=4) returned 1 [0132.393] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\Reader_15.023.20070\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d2868f, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xa7140105, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x2797fc81, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0132.393] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0132.393] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.393] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d2868f, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xa7140105, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x2797fc81, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.393] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0132.393] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.393] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8d2868f, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xa7140105, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x2797fc81, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.393] GetLastError () returned 0x12 [0132.393] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0132.393] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdcb711fb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x3c33d412, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x4b9b7315, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="S", cAlternateFileName="")) returned 1 [0132.393] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.393] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.393] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Adobe\\ARM\\S\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdcb711fb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x3c33d412, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x4b9b7315, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d3a8 [0132.394] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0132.394] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.394] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdcb711fb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x3c33d412, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x4b9b7315, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.394] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0132.394] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.394] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdcb711fb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x3c33d412, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x4b9b7315, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.394] GetLastError () returned 0x12 [0132.394] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0132.394] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xdcb711fb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x3c33d412, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x4b9b7315, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2000002, cFileName="S", cAlternateFileName="")) returned 0 [0132.394] GetLastError () returned 0x12 [0132.394] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0132.394] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4511a9a6, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0x28e82a8b, ftLastAccessTime.dwHighDateTime=0x1d39f5e, ftLastWriteTime.dwLowDateTime=0x28e82a8b, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARM", cAlternateFileName="")) returned 0 [0132.394] GetLastError () returned 0x12 [0132.395] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0132.395] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x78624286, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x78624286, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x78624286, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0132.395] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.395] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Application Data", cchCount2=8) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Application Data", cchCount2=4) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Application Data", cchCount2=8) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Application Data", cchCount2=4) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Application Data", cchCount2=8) returned 1 [0132.395] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Application Data", cchCount2=4) returned 1 [0132.395] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Application Data\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x19f564, ftCreationTime.dwHighDateTime=0x773051f4, ftLastAccessTime.dwLowDateTime=0x2525044, ftLastAccessTime.dwHighDateTime=0x77304f40, ftLastWriteTime.dwLowDateTime=0x77305218, ftLastWriteTime.dwHighDateTime=0x4, nFileSizeHigh=0x4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="缠\x91", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0132.395] GetLastError () returned 0x5 [0132.396] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbcb1c5f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcb9c8f, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Comms", cAlternateFileName="")) returned 1 [0132.396] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.396] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Comms", cchCount2=4) returned 1 [0132.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Comms", cchCount2=4) returned 1 [0132.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Comms", cchCount2=4) returned 1 [0132.396] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Comms\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbcb1c5f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcb9c8f, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0132.397] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0132.397] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.397] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbcb1c5f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcb9c8f, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.397] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0132.397] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.397] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbcb1c5f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcb9c8f, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0132.397] GetLastError () returned 0x12 [0132.397] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0132.397] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x78624286, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x78624286, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x78624286, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0132.397] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.397] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.397] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Desktop", cchCount2=4) returned 1 [0132.397] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Desktop", cchCount2=4) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Desktop", cchCount2=4) returned 1 [0132.398] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Desktop\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x19f564, ftCreationTime.dwHighDateTime=0x773051f4, ftLastAccessTime.dwLowDateTime=0x24eb1ec, ftLastAccessTime.dwHighDateTime=0x77304f40, ftLastWriteTime.dwLowDateTime=0x77305218, ftLastWriteTime.dwHighDateTime=0x4, nFileSizeHigh=0x4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="缠\x91", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0132.398] GetLastError () returned 0x5 [0132.398] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x78624286, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x78624286, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x78624286, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0132.398] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.398] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Documents", cchCount2=8) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Documents", cchCount2=4) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Documents", cchCount2=8) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Documents", cchCount2=4) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Documents", cchCount2=8) returned 1 [0132.398] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Documents", cchCount2=4) returned 1 [0132.398] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Documents\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x19f564, ftCreationTime.dwHighDateTime=0x773051f4, ftLastAccessTime.dwLowDateTime=0x2508474, ftLastAccessTime.dwHighDateTime=0x77304f40, ftLastWriteTime.dwLowDateTime=0x77305218, ftLastWriteTime.dwHighDateTime=0x4, nFileSizeHigh=0x4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="缠\x91", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0132.398] GetLastError () returned 0x5 [0132.398] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc93dc4da, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc93dc4da, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0132.399] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0132.399] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft", cchCount2=8) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft", cchCount2=4) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft", cchCount2=8) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft", cchCount2=4) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft", cchCount2=8) returned 1 [0132.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft", cchCount2=4) returned 1 [0132.399] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc93dc4da, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc93dc4da, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d3a8 [0132.399] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0132.399] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.399] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc93dc4da, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc93dc4da, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.399] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0132.399] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.399] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d3d3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppV", cAlternateFileName="")) returned 1 [0132.399] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0132.400] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0132.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppV", cchCount2=4) returned 1 [0132.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppV", cchCount2=4) returned 1 [0132.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppV", cchCount2=4) returned 1 [0132.400] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\AppV\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d3d3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0132.400] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0132.400] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.400] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d3d3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.400] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.400] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.400] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d9bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe825779a, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 1 [0132.400] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0132.400] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0132.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Setup", cchCount2=4) returned 1 [0132.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Setup", cchCount2=4) returned 1 [0132.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Setup", cchCount2=4) returned 1 [0132.401] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\AppV\\Setup\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d9bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe825779a, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0132.401] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0132.401] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.402] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d9bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe825779a, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.402] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0132.402] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.402] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799dd27b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xe2889e45, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xe2889e45, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x1368, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeIntegrator.ps1", cAlternateFileName="")) returned 1 [0132.402] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0132.402] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0132.691] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799dd27b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0xe2889e45, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xe2889e45, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x1368, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeIntegrator.ps1", cAlternateFileName="")) returned 0 [0132.692] GetLastError () returned 0x12 [0132.692] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0133.674] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbcb1d9bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe825779a, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 0 [0133.674] GetLastError () returned 0x12 [0133.674] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0133.674] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc1c2b2f4, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xfa011b19, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfa011b19, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ClickToRun", cAlternateFileName="CLICKT~1")) returned 1 [0133.674] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0133.674] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ClickToRun", cchCount2=8) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClickToRun", cchCount2=4) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ClickToRun", cchCount2=8) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClickToRun", cchCount2=4) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ClickToRun", cchCount2=8) returned 1 [0133.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClickToRun", cchCount2=4) returned 1 [0133.674] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc1c2b2f4, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3c4413a9, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c4413a9, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0133.675] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0133.675] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0133.675] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc1c2b2f4, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3c4413a9, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c4413a9, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.675] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0133.675] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0133.676] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cAlternateFileName="0D0D4E~1")) returned 1 [0133.676] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0133.676] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=8) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=4) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=8) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=4) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=8) returned 1 [0133.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4", cchCount2=4) returned 1 [0133.676] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0133.677] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0133.677] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.677] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.677] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0133.677] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.677] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-us.16", cAlternateFileName="")) returned 1 [0133.677] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0133.677] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.678] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0133.681] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0133.681] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.681] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a7c64d, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a7c64d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.681] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.681] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.681] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x39768000, ftLastWriteTime.dwHighDateTime=0x1d0d7ee, nFileSizeHigh=0x0, nFileSizeLow=0x564f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.en-us.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0133.681] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.681] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0133.682] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s641033.hash", cAlternateFileName="S64103~1.HAS")) returned 1 [0133.682] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.682] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.682] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x3e87ff00, ftLastWriteTime.dwHighDateTime=0x1d0d7ef, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0133.682] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.682] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0133.682] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0133.682] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a5650a, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x3e87ff00, ftLastWriteTime.dwHighDateTime=0x1d0d7ef, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0133.683] GetLastError () returned 0x12 [0133.683] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0133.684] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a5650a, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 1 [0133.684] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0133.684] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0133.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0133.684] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a5650a, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0133.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0133.688] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.688] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a5650a, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.688] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.688] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a09ff9, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a09ff9, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x37142600, ftLastWriteTime.dwHighDateTime=0x1d0d7ee, nFileSizeHigh=0x0, nFileSizeLow=0x5211, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.x-none.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0133.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.688] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0133.689] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a302bd, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a302bd, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s640.hash", cAlternateFileName="S640~1.HAS")) returned 1 [0133.689] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.689] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.689] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a302bd, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a302bd, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0133.689] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0133.689] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0133.689] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0133.689] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6a302bd, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a302bd, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0133.690] GetLastError () returned 0x12 [0133.690] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0133.691] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68ff039, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xe6a5650a, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xe6a5650a, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 0 [0133.691] GetLastError () returned 0x12 [0133.692] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0133.692] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cAlternateFileName="19B111~1")) returned 1 [0133.692] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0133.692] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=8) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=4) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=8) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=4) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=8) returned 1 [0133.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="19B11135-37BD-4FA1-A78E-C20CA2BDA1C0", cchCount2=4) returned 1 [0133.692] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0133.825] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0133.825] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.825] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0133.825] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0133.825] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.825] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-us.16", cAlternateFileName="")) returned 1 [0133.825] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0133.825] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0133.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0133.826] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0133.826] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0133.898] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0133.898] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0134.279] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ee74e6, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ee74e6, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.280] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0134.280] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0134.280] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x39768000, ftLastWriteTime.dwHighDateTime=0x1d0d7ee, nFileSizeHigh=0x0, nFileSizeLow=0x564f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.en-us.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0134.280] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0134.280] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0134.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0134.982] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0134.982] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0134.982] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0134.982] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0134.982] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0134.982] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s641033.hash", cAlternateFileName="S64103~1.HAS")) returned 1 [0134.982] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0134.982] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0134.982] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x3e87ff00, ftLastWriteTime.dwHighDateTime=0x1d0d7ef, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0134.982] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0134.982] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0134.983] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0134.983] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ec13b1, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x3e87ff00, ftLastWriteTime.dwHighDateTime=0x1d0d7ef, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0134.983] GetLastError () returned 0x12 [0134.983] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0135.919] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ec13b1, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 1 [0135.919] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0135.919] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.158] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ec13b1, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0136.670] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0136.670] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.670] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ec13b1, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.670] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.670] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.670] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96e74e13, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96e74e13, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x37142600, ftLastWriteTime.dwHighDateTime=0x1d0d7ee, nFileSizeHigh=0x0, nFileSizeLow=0x5211, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.x-none.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0136.670] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.670] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.926] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96e74e13, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96e74e13, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s640.hash", cAlternateFileName="S640~1.HAS")) returned 1 [0136.926] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.926] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.926] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96e74e13, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96e74e13, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0136.926] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.926] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.926] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.927] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.927] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.927] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96e74e13, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96e74e13, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x6035b600, ftLastWriteTime.dwHighDateTime=0x1d0d7f0, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0136.927] GetLastError () returned 0x12 [0136.927] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0136.928] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d43d48, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x96ec13b1, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x96ec13b1, ftLastWriteTime.dwHighDateTime=0x1d47c31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 0 [0136.928] GetLastError () returned 0x12 [0136.928] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0136.928] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cAlternateFileName="201EB7~1")) returned 1 [0136.928] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.928] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.928] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=8) returned 1 [0136.928] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=4) returned 1 [0136.928] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=8) returned 1 [0136.928] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=4) returned 1 [0136.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=8) returned 1 [0136.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="201EB7DF-C721-4B8B-9C81-A09DE7F931E6", cchCount2=4) returned 1 [0136.929] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0136.936] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0136.936] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.936] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.937] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.937] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.937] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f9a029, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x82f9a029, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-us.16", cAlternateFileName="")) returned 1 [0136.937] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.937] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0136.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0136.937] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\\en-us.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f9a029, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x82f9a029, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0136.940] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0136.940] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.941] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f016ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f9a029, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x82f9a029, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.941] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.941] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.941] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f73dd4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f73dd4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd7b21800, ftLastWriteTime.dwHighDateTime=0x1d0d7e5, nFileSizeHigh=0x0, nFileSizeLow=0x564f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.en-us.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0136.941] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.941] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0136.941] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0136.941] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f73dd4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f73dd4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfe714e00, ftLastWriteTime.dwHighDateTime=0x1d0d7e7, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s641033.hash", cAlternateFileName="S64103~1.HAS")) returned 1 [0136.941] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.941] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.941] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f73dd4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f73dd4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xdcc39700, ftLastWriteTime.dwHighDateTime=0x1d0d7e6, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0136.941] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.941] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0136.942] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0136.942] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82f73dd4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82f73dd4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xdcc39700, ftLastWriteTime.dwHighDateTime=0x1d0d7e6, nFileSizeHigh=0x0, nFileSizeLow=0xd77c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0136.942] GetLastError () returned 0x12 [0136.942] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0136.943] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f9a029, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 1 [0136.943] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.943] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0136.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0136.945] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\\x-none.16\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f9a029, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0136.953] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0136.953] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.953] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f9a029, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.953] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.953] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.953] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82fc026f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82fc026f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd54fbe00, ftLastWriteTime.dwHighDateTime=0x1d0d7e5, nFileSizeHigh=0x0, nFileSizeLow=0x5211, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.x-none.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0136.953] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.953] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0136.953] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0136.953] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82fc026f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82fc026f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfe714e00, ftLastWriteTime.dwHighDateTime=0x1d0d7e7, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s640.hash", cAlternateFileName="S640~1.HAS")) returned 1 [0136.954] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.954] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.954] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82fc026f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82fc026f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfe714e00, ftLastWriteTime.dwHighDateTime=0x1d0d7e7, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0136.954] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.954] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0136.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0136.954] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82fc026f, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x82fc026f, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xfe714e00, ftLastWriteTime.dwHighDateTime=0x1d0d7e7, nFileSizeHigh=0x0, nFileSizeLow=0x38480a, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x64.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0136.954] GetLastError () returned 0x12 [0136.954] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0136.955] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82f9a029, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x8300c739, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8300c739, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 0 [0136.955] GetLastError () returned 0x12 [0136.955] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0136.956] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3dbb3c9, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8512127a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8512127a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x7b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeploymentConfig.0.xml", cAlternateFileName="DEPLOY~1.XML")) returned 1 [0136.956] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.956] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.0.xml", cchCount2=8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.0.xml", cchCount2=4) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.0.xml", cchCount2=8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.0.xml", cchCount2=4) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.0.xml", cchCount2=8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.0.xml", cchCount2=4) returned 1 [0136.956] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b22dc95, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfa011b19, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfa011b19, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x7b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeploymentConfig.1.xml", cAlternateFileName="DEPLOY~3.XML")) returned 1 [0136.956] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.956] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.1.xml", cchCount2=8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.1.xml", cchCount2=4) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.1.xml", cchCount2=8) returned 1 [0136.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.1.xml", cchCount2=4) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.1.xml", cchCount2=8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.1.xml", cchCount2=4) returned 1 [0136.957] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x534ee362, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x3c4413a9, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3c4413a9, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x566, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeploymentConfig.2.xml", cAlternateFileName="DEPLOY~2.XML")) returned 1 [0136.957] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.957] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.2.xml", cchCount2=8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.2.xml", cchCount2=4) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.2.xml", cchCount2=8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.2.xml", cchCount2=4) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfig.2.xml", cchCount2=8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfig.2.xml", cchCount2=4) returned 1 [0136.957] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineData", cAlternateFileName="MACHIN~1")) returned 1 [0136.957] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.957] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MachineData", cchCount2=8) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MachineData", cchCount2=4) returned 1 [0136.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MachineData", cchCount2=8) returned 1 [0136.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MachineData", cchCount2=4) returned 1 [0136.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MachineData", cchCount2=8) returned 1 [0136.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MachineData", cchCount2=4) returned 1 [0136.958] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0136.958] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0136.958] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.958] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.958] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.959] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.959] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Catalog", cAlternateFileName="")) returned 1 [0136.959] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.959] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Catalog", cchCount2=4) returned 1 [0136.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Catalog", cchCount2=4) returned 1 [0136.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Catalog", cchCount2=4) returned 1 [0136.959] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Catalog\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0136.959] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0136.959] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.959] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.960] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.960] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.960] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 1 [0136.960] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.960] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Packages", cchCount2=8) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Packages", cchCount2=4) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Packages", cchCount2=8) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Packages", cchCount2=4) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Packages", cchCount2=8) returned 1 [0136.960] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Packages", cchCount2=4) returned 1 [0136.960] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Catalog\\Packages\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0136.961] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0136.961] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0136.961] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.961] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0136.961] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0136.961] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cAlternateFileName="{9AC08~1")) returned 1 [0136.961] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0136.961] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0136.961] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0136.961] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0136.961] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0136.961] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0136.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0136.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0136.962] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Catalog\\Packages\\{9AC08E99-230B-47E8-9721-4577B7F124EA}\\*", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0136.962] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e6a0 | out: lpLocalFileTime=0x19e6a0) returned 1 [0136.962] FileTimeToDosDateTime (in: lpFileTime=0x19e6a0, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0136.962] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.963] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0136.963] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0136.963] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3cb8e906, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3cb8e906, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cAlternateFileName="{1A830~1")) returned 1 [0136.963] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0136.963] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=8) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=4) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=8) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=4) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=8) returned 1 [0136.963] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cchCount2=4) returned 1 [0136.964] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Catalog\\Packages\\{9AC08E99-230B-47E8-9721-4577B7F124EA}\\{1A8308C7-90D1-4200-B16E-646F163A08E8}\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3cb8e906, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3cb8e906, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d768 [0136.965] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0136.965] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.965] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3cb8e906, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3cb8e906, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.965] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0136.965] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.965] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x3c4670e0, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeploymentConfiguration.xml", cAlternateFileName="DEPLOY~1.XML")) returned 1 [0136.965] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0136.965] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.965] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.966] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84d6778e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf9dfb986, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf9e9425d, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x5ab2f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Manifest.xml", cAlternateFileName="")) returned 1 [0136.966] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0136.966] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Manifest.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Manifest.xml", cchCount2=4) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Manifest.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Manifest.xml", cchCount2=4) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Manifest.xml", cchCount2=8) returned 1 [0136.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Manifest.xml", cchCount2=4) returned 1 [0136.967] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8639b81c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf39b2ab6, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x3c4670e0, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserDeploymentConfiguration.xml", cAlternateFileName="USERDE~1.XML")) returned 1 [0136.967] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0136.967] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserDeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserDeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserDeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserDeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserDeploymentConfiguration.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserDeploymentConfiguration.xml", cchCount2=4) returned 1 [0136.967] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf36dde8c, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x42b5f096, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x38e9a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserManifest.xml", cAlternateFileName="USERMA~1.XML")) returned 1 [0136.967] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0136.967] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserManifest.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserManifest.xml", cchCount2=4) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserManifest.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserManifest.xml", cchCount2=4) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserManifest.xml", cchCount2=8) returned 1 [0136.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserManifest.xml", cchCount2=4) returned 1 [0136.968] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf36dde8c, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x42b5f096, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x38e9a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserManifest.xml", cAlternateFileName="USERMA~1.XML")) returned 0 [0136.968] GetLastError () returned 0x12 [0136.968] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0136.969] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x3cb8e906, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3cb8e906, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{1A8308C7-90D1-4200-B16E-646F163A08E8}", cAlternateFileName="{1A830~1")) returned 0 [0136.969] GetLastError () returned 0x12 [0136.969] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0136.969] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{9AC08E99-230B-47E8-9721-4577B7F124EA}", cAlternateFileName="{9AC08~1")) returned 0 [0136.969] GetLastError () returned 0x12 [0136.969] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0136.969] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85953409, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85953409, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85953409, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Packages", cAlternateFileName="")) returned 0 [0136.969] GetLastError () returned 0x12 [0136.969] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0136.969] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Integration", cAlternateFileName="INTEGR~1")) returned 1 [0136.969] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0136.969] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0136.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Integration", cchCount2=8) returned 1 [0136.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Integration", cchCount2=4) returned 1 [0136.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Integration", cchCount2=8) returned 1 [0136.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Integration", cchCount2=4) returned 1 [0136.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Integration", cchCount2=8) returned 1 [0136.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Integration", cchCount2=4) returned 1 [0136.970] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Integration\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0136.970] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0136.970] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.971] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.971] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.971] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.971] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShortcutBackups", cAlternateFileName="SHORTC~1")) returned 1 [0136.971] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0136.971] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShortcutBackups", cchCount2=8) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShortcutBackups", cchCount2=4) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShortcutBackups", cchCount2=8) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShortcutBackups", cchCount2=4) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShortcutBackups", cchCount2=8) returned 1 [0136.971] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShortcutBackups", cchCount2=4) returned 1 [0136.971] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\MachineData\\Integration\\ShortcutBackups\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0136.971] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0136.971] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0136.972] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.972] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0136.972] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0136.972] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0136.972] GetLastError () returned 0x12 [0136.972] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0136.972] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShortcutBackups", cAlternateFileName="SHORTC~1")) returned 0 [0136.972] GetLastError () returned 0x12 [0136.972] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0136.972] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85eb08ee, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x85eb08ee, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x85eb08ee, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Integration", cAlternateFileName="INTEGR~1")) returned 0 [0136.972] GetLastError () returned 0x12 [0136.972] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0136.972] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8826bb5f, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0x683c4eba, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x683c4eba, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProductReleases", cAlternateFileName="PRODUC~1")) returned 1 [0136.972] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0136.972] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ProductReleases", cchCount2=8) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ProductReleases", cchCount2=4) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ProductReleases", cchCount2=8) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ProductReleases", cchCount2=4) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ProductReleases", cchCount2=8) returned 1 [0136.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ProductReleases", cchCount2=4) returned 1 [0136.973] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8826bb5f, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0x683c4eba, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x683c4eba, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.126] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.126] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.215] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8826bb5f, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0x683c4eba, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x683c4eba, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.215] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.215] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.215] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bad881, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a320d06, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a320d06, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cAlternateFileName="5A65C4~1")) returned 1 [0137.215] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.215] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=8) returned 1 [0137.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=4) returned 1 [0137.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=8) returned 1 [0137.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=4) returned 1 [0137.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=8) returned 1 [0137.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5A65C4D7-3CDF-4BE4-8560-F036D300C13F", cchCount2=4) returned 1 [0137.216] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bad881, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a320d06, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a320d06, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0137.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.650] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.650] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bad881, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a320d06, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a320d06, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.651] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.651] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a320d06, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a49e573, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-us.16", cAlternateFileName="")) returned 1 [0137.651] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.651] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.652] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\\en-us.16\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a320d06, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a49e573, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.655] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.655] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.655] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a320d06, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a49e573, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.656] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.656] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.656] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a346f8d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a346f8d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd19cd600, ftLastWriteTime.dwHighDateTime=0x1d32052, nFileSizeHigh=0x0, nFileSizeLow=0x5bec, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.en-us.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0137.656] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.656] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0137.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0137.656] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a36d2e4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a36d2e4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x918a2300, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s321033.hash", cAlternateFileName="S32103~1.HAS")) returned 1 [0137.656] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.656] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.657] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a36d2e4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a36d2e4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x918a2300, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x1dff67, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.Platform.Culture.man.xml", cAlternateFileName="STREAM~1.XML")) returned 1 [0137.657] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.657] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.Culture.man.xml", cchCount2=8) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.Culture.man.xml", cchCount2=4) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.Culture.man.xml", cchCount2=8) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.Culture.man.xml", cchCount2=4) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.Culture.man.xml", cchCount2=8) returned 1 [0137.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.Culture.man.xml", cchCount2=4) returned 1 [0137.657] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a49e573, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8f27c900, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x80, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.en-us.hash", cAlternateFileName="STREAM~1.HAS")) returned 1 [0137.657] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.657] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.658] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a49e573, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8f27c900, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x108693, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0137.658] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.658] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.658] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.658] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a49e573, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a49e573, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x8f27c900, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x108693, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0137.658] GetLastError () returned 0x12 [0137.658] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.659] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bd39c1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a025ed3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a025ed3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 1 [0137.659] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.659] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.660] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\5A65C4D7-3CDF-4BE4-8560-F036D300C13F\\x-none.16\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bd39c1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a025ed3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a025ed3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d768 [0137.701] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.701] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.701] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bd39c1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a025ed3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a025ed3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.701] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.701] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.701] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19bd39c1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19bd39c1, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xdd889800, ftLastWriteTime.dwHighDateTime=0x1d32052, nFileSizeHigh=0x0, nFileSizeLow=0x5b31, dwReserved0=0x0, dwReserved1=0x0, cFileName="MasterDescriptor.x-none.xml", cAlternateFileName="MASTER~1.XML")) returned 1 [0137.701] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.701] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0137.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0137.701] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19bf9d35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19bf9d35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x6aa2800, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="s320.hash", cAlternateFileName="S320~1.HAS")) returned 1 [0137.701] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.701] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.702] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19bf9d35, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19bf9d35, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x6aa2800, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x7e0a5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.Platform.x-none.man.xml", cAlternateFileName="STREAM~1.XML")) returned 1 [0137.702] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.702] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.x-none.man.xml", cchCount2=8) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.x-none.man.xml", cchCount2=4) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.x-none.man.xml", cchCount2=8) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.x-none.man.xml", cchCount2=4) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.Platform.x-none.man.xml", cchCount2=8) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.Platform.x-none.man.xml", cchCount2=4) returned 1 [0137.702] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19fffcc2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19fffcc2, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x316a100, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x80, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.x-none.hash", cAlternateFileName="STREAM~1.HAS")) returned 1 [0137.702] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.702] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.702] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19fffcc2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19fffcc2, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x447ce00, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x460b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0137.702] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.702] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.703] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.703] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.703] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.703] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.703] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19fffcc2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x19fffcc2, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x447ce00, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x460b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0137.703] GetLastError () returned 0x12 [0137.703] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0137.704] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19bd39c1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x1a025ed3, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x1a025ed3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 0 [0137.704] GetLastError () returned 0x12 [0137.704] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0137.704] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x1141e67e, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x1141e67e, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A6A87302-92AE-41F2-AC52-73F5EE18259F", cAlternateFileName="A6A873~1")) returned 1 [0137.704] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.704] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.704] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=8) returned 1 [0137.704] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=4) returned 1 [0137.705] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=8) returned 1 [0137.705] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=4) returned 1 [0137.705] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=8) returned 1 [0137.705] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A6A87302-92AE-41F2-AC52-73F5EE18259F", cchCount2=4) returned 1 [0137.705] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\A6A87302-92AE-41F2-AC52-73F5EE18259F\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x1141e67e, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x1141e67e, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.707] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.707] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.707] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x1141e67e, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x1141e67e, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.707] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.707] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.707] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x110186f1, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-us.16", cAlternateFileName="")) returned 1 [0137.707] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.707] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.707] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.708] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.708] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.708] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.708] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="en-us.16", cchCount2=8) returned 1 [0137.708] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-us.16", cchCount2=4) returned 1 [0137.708] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\A6A87302-92AE-41F2-AC52-73F5EE18259F\\en-us.16\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x110186f1, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0137.713] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.713] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.713] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x110186f1, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.713] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.713] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.713] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x113f8423, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x113f8423, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x8f27c900, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x108693, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0137.713] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.713] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.en-us.man.dat", cchCount2=8) returned 1 [0137.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.en-us.man.dat", cchCount2=4) returned 1 [0137.714] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x113f8423, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x113f8423, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x8f27c900, ftLastWriteTime.dwHighDateTime=0x1d32053, nFileSizeHigh=0x0, nFileSizeLow=0x108693, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.en-us.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0137.714] GetLastError () returned 0x12 [0137.714] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0137.715] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 1 [0137.715] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.715] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="x-none.16", cchCount2=8) returned 1 [0137.715] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="x-none.16", cchCount2=4) returned 1 [0137.715] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\ProductReleases\\A6A87302-92AE-41F2-AC52-73F5EE18259F\\x-none.16\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0137.717] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.717] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.717] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.717] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.717] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.717] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x10ff2492, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x10ff2492, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x447ce00, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x460b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0137.718] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.718] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="stream.x86.x-none.man.dat", cchCount2=8) returned 1 [0137.718] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="stream.x86.x-none.man.dat", cchCount2=4) returned 1 [0137.718] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x10ff2492, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x10ff2492, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x447ce00, ftLastWriteTime.dwHighDateTime=0x1d32055, nFileSizeHigh=0x0, nFileSizeLow=0x460b47, dwReserved0=0x0, dwReserved1=0x0, cFileName="stream.x86.x-none.man.dat", cAlternateFileName="STREAM~1.DAT")) returned 0 [0137.718] GetLastError () returned 0x12 [0137.718] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0137.719] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x66b4e849, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x66b4e849, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x-none.16", cAlternateFileName="")) returned 0 [0137.719] GetLastError () returned 0x12 [0137.719] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.719] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x106db4bf, ftCreationTime.dwHighDateTime=0x1d327ce, ftLastAccessTime.dwLowDateTime=0x1141e67e, ftLastAccessTime.dwHighDateTime=0x1d327ce, ftLastWriteTime.dwLowDateTime=0x1141e67e, ftLastWriteTime.dwHighDateTime=0x1d327ce, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A6A87302-92AE-41F2-AC52-73F5EE18259F", cAlternateFileName="A6A873~1")) returned 0 [0137.719] GetLastError () returned 0x12 [0137.719] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.719] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x845f41a7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x845f41a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0137.719] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.720] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserData", cchCount2=8) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserData", cchCount2=4) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserData", cchCount2=8) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserData", cchCount2=4) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="UserData", cchCount2=8) returned 1 [0137.720] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="UserData", cchCount2=4) returned 1 [0137.720] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\UserData\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x845f41a7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x845f41a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.720] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.720] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x845f41a7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x845f41a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.720] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.720] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.720] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x845f41a7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0x845f41a7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0x845f41a7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.721] GetLastError () returned 0x12 [0137.721] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.721] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bee514, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b87bb60, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cAlternateFileName="{9AC08~1")) returned 1 [0137.721] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.721] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=8) returned 1 [0137.721] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cchCount2=4) returned 1 [0137.721] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bee514, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b87bb60, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.725] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.725] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.725] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bee514, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b87bb60, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.726] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.726] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.726] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437adb83, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x437adb83, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x247ecc35, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x44e23, dwReserved0=0x0, dwReserved1=0x0, cFileName="AirSpace.Etw.man", cAlternateFileName="AIRSPA~1.MAN")) returned 1 [0137.726] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.726] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.726] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed71c4aa, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed71c4aa, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2686ce0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x91f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cAlternateFileName="C25A45~1.XML")) returned 1 [0137.726] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.726] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Access.Access.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.727] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed71c4aa, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed71c4aa, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd356d87a, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0xe71c, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.accessmui.msi.16.en-us.xml", cAlternateFileName="C222C2~1.XML")) returned 1 [0137.727] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.727] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.727] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed71c4aa, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed71c4aa, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd31d9ff6, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x7fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.accessmuiset.msi.16.en-us.xml", cAlternateFileName="C2FB2E~1.XML")) returned 1 [0137.727] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.727] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.accessmuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed6f62ed, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed6f62ed, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd26f9444, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x3f14, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cAlternateFileName="C210C4~1.XML")) returned 1 [0137.728] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.728] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.729] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed6f62ed, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed6f62ed, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd31415cd, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x265a, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.dcfmui.msi.16.en-us.xml", cAlternateFileName="C206B0~1.XML")) returned 1 [0137.729] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.729] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.dcfmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.729] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed611426, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed611426, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd252f7b4, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x39d9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cAlternateFileName="C21578~1.XML")) returned 1 [0137.729] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.729] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.729] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed5c4f9a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed5c4f9a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd330b2e9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x8f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.excelmui.msi.16.en-us.xml", cAlternateFileName="C2D2CD~1.XML")) returned 1 [0137.729] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.730] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.excelmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed59ed2c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed59ed2c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd23fe538, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x8f8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cAlternateFileName="C233DB~1.XML")) returned 1 [0137.730] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.730] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.730] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed59ed2c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed59ed2c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3298bbd, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x180e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.groovemui.msi.16.en-us.xml", cAlternateFileName="C26024~1.XML")) returned 1 [0137.731] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.731] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.groovemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.731] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed59ed2c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed59ed2c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd257bc65, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x1979c, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cAlternateFileName="C25956~1.XML")) returned 1 [0137.731] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.731] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.732] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed578aca, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed578aca, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd32bedda, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x5b94, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.lyncmui.msi.16.en-us.xml", cAlternateFileName="C2FCD6~1.XML")) returned 1 [0137.732] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.732] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.lyncmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.732] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed5063b1, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed5063b1, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3593a88, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x6b4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.office32mui.msi.16.en-us.xml", cAlternateFileName="C2BADD~1.XML")) returned 1 [0137.732] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.732] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32mui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.733] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed3d50b2, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed3d50b2, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2cc8f5f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x4f3f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.office32ww.msi.16.x-none.xml", cAlternateFileName="C2EBFE~1.XML")) returned 1 [0137.733] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.733] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.office32ww.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.733] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed31650e, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed31650e, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd36c4db5, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x19870, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.officemui.msi.16.en-us.xml", cAlternateFileName="C29059~1.XML")) returned 1 [0137.733] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.733] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.734] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed2f02a6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed2f02a6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd38424c0, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x7fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.officemuiset.msi.16.en-us.xml", cAlternateFileName="C2467F~1.XML")) returned 1 [0137.734] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.734] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.officemuiset.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.734] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed2f02a6, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed2f02a6, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd295b9b9, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x17b3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cAlternateFileName="C21839~1.XML")) returned 1 [0137.734] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.734] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed2ca0b4, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed2ca0b4, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd375d6d3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x4a4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.onenotemui.msi.16.en-us.xml", cAlternateFileName="C24C3D~1.XML")) returned 1 [0137.735] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.735] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.onenotemui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed2a3e81, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed2a3e81, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd29a7ddb, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x5f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cAlternateFileName="C24EFF~1.XML")) returned 1 [0137.735] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.735] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed2a3e81, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed2a3e81, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3678904, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x2b28, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.osmmui.msi.16.en-us.xml", cAlternateFileName="C25F09~1.XML")) returned 1 [0137.736] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.736] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.736] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed25796c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed25796c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd28c2fa3, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x906, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cAlternateFileName="C22C6F~1.XML")) returned 1 [0137.736] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.736] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.737] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed25796c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed25796c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd362c40f, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x2b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.osmuxmui.msi.16.en-us.xml", cAlternateFileName="C21C45~1.XML")) returned 1 [0137.737] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.737] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.osmuxmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.737] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed25796c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed25796c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd276bb03, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x17194, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cAlternateFileName="C29151~1.XML")) returned 1 [0137.865] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.865] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.865] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed20b499, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed20b499, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3783951, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x17984, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.outlookmui.msi.16.en-us.xml", cAlternateFileName="C2C4E2~1.XML")) returned 1 [0137.865] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.865] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.outlookmui.msi.16.en-us.xml", cchCount2=4) returned 1 [0137.866] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed1e5243, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed1e5243, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd27de170, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0xafddc, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cAlternateFileName="C280EB~1.XML")) returned 1 [0137.866] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.866] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.866] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed12666a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed12666a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd290f4ec, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x195a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml", cAlternateFileName="C222CA~1.XML")) returned 1 [0137.867] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.867] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml", cchCount2=4) returned 1 [0137.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml", cchCount2=8) returned 1 [0137.867] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed0da264, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed0da264, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd35dffce, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x689e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.powerpointmui.msi.16.en-us.xml", cAlternateFileName="C27FF4~1.XML")) returned 1 [0137.867] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.867] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.867] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b87bb60, ftCreationTime.dwHighDateTime=0x1d47c34, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b1a0d3d, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x7446, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Project.Project.x-none.msi.16.x-none.xml", cAlternateFileName="C2E87B~1.XML")) returned 1 [0137.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.868] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.868] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b87bb60, ftCreationTime.dwHighDateTime=0x1d47c34, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b2d20ad, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x809e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.projectmui.msi.16.en-us.xml", cAlternateFileName="C26005~1.XML")) returned 1 [0137.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.868] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.868] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed08dd97, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed08dd97, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd397382c, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x63ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Proof.Culture.msi.16.en-us.xml", cAlternateFileName="C2B3EB~1.XML")) returned 1 [0137.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.868] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.868] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed08dd97, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed08dd97, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd37a9bb2, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x5fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Proof.Culture.msi.16.es-es.xml", cAlternateFileName="C23127~1.XML")) returned 1 [0137.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.868] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.869] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed067a9a, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed067a9a, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3999a72, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x5fee, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Proof.Culture.msi.16.fr-fr.xml", cAlternateFileName="C2BAB3~1.XML")) returned 1 [0137.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.869] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.869] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed041918, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed041918, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd37f6035, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x7fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.proofing.msi.16.en-us.xml", cAlternateFileName="C24618~1.XML")) returned 1 [0137.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.869] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.869] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed041918, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed041918, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2b97d2d, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x12e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml", cAlternateFileName="C2C6D1~1.XML")) returned 1 [0137.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.869] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.869] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed041918, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed041918, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd37374c5, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x3734, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.publishermui.msi.16.en-us.xml", cAlternateFileName="C2RMAN~4.XML")) returned 1 [0137.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.870] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed01b5ef, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xed01b5ef, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd29ce0e8, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0xb27ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.shared.Office.x-none.msi.16.x-none.xml", cAlternateFileName="C2RMAN~3.XML")) returned 1 [0137.870] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.870] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a705a3, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x1a705a3, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x11cbd0e, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0x2aafe, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml", cAlternateFileName="C2668D~1.XML")) returned 1 [0137.870] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.870] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a4a3b4, ftCreationTime.dwHighDateTime=0x1d47c32, ftLastAccessTime.dwLowDateTime=0x1a4a3b4, ftLastAccessTime.dwHighDateTime=0x1d47c32, ftLastWriteTime.dwLowDateTime=0x1218203, ftLastWriteTime.dwHighDateTime=0x1d47c32, nFileSizeHigh=0x0, nFileSizeLow=0xf0cb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.visiomui.msi.16.en-us.xml", cAlternateFileName="C2A712~1.XML")) returned 1 [0137.870] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.870] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecf5ca1c, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xecf5ca1c, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd2dd401b, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x1536e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.Word.Word.x-none.msi.16.x-none.xml", cAlternateFileName="C2RMAN~2.XML")) returned 1 [0137.870] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.870] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.871] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecf3682d, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xecf3682d, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xd3a7e818, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x130fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2RManifest.wordmui.msi.16.en-us.xml", cAlternateFileName="C2RMAN~1.XML")) returned 1 [0137.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.871] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.871] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49bee514, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x49bee514, ftLastAccessTime.dwHighDateTime=0x1d32745, ftLastWriteTime.dwLowDateTime=0xd2dfa2a2, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x12c470, dwReserved0=0x0, dwReserved1=0x0, cFileName="integrator.exe", cAlternateFileName="INTEGR~1.EXE")) returned 1 [0137.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.871] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.871] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f3481a2, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x3f3481a2, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0xf427d4ce, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0xce8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml", cAlternateFileName="MICROS~2.XML")) returned 1 [0137.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.871] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.871] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f0e5bdc, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x3f0e5bdc, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0xf40d9aa3, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0xca6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cAlternateFileName="MICROS~1.XML")) returned 1 [0137.886] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.886] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.886] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x433f4072, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x433f4072, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x1bd7df5e, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x1b826, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoutilstat.etw.man", cAlternateFileName="MSOUTI~1.MAN")) returned 1 [0137.886] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.886] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.886] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b4f7c0, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x42b4f7c0, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x244f1ded, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x9bddd, dwReserved0=0x0, dwReserved1=0x0, cFileName="wordEtw.man", cAlternateFileName="")) returned 1 [0137.887] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.887] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.887] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b4f7c0, ftCreationTime.dwHighDateTime=0x1d327e9, ftLastAccessTime.dwLowDateTime=0x42b4f7c0, ftLastAccessTime.dwHighDateTime=0x1d327e9, ftLastWriteTime.dwLowDateTime=0x244f1ded, ftLastWriteTime.dwHighDateTime=0x1d327e8, nFileSizeHigh=0x0, nFileSizeLow=0x9bddd, dwReserved0=0x0, dwReserved1=0x0, cFileName="wordEtw.man", cAlternateFileName="")) returned 0 [0137.887] GetLastError () returned 0x12 [0137.887] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.888] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bee514, ftCreationTime.dwHighDateTime=0x1d32745, ftLastAccessTime.dwLowDateTime=0x3b87bb60, ftLastAccessTime.dwHighDateTime=0x1d47c34, ftLastWriteTime.dwLowDateTime=0x3b87bb60, ftLastWriteTime.dwHighDateTime=0x1d47c34, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{9AC08E99-230B-47e8-9721-4577B7F124EA}", cAlternateFileName="{9AC08~1")) returned 0 [0137.889] GetLastError () returned 0x12 [0137.889] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.889] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x77356b64, ftLastAccessTime.dwHighDateTime=0x1d32793, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0137.889] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0137.889] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0137.889] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x77356b64, ftLastAccessTime.dwHighDateTime=0x1d32793, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0137.890] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0137.890] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.890] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x77356b64, ftLastAccessTime.dwHighDateTime=0x1d32793, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.890] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.890] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.890] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x42e812c9, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x42e812c9, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSS", cAlternateFileName="")) returned 1 [0137.890] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.890] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.890] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x42e812c9, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x42e812c9, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffff8a8, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.891] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.891] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.891] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x42e812c9, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x42e812c9, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffff8a8, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.891] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.891] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.891] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd330d8b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffff8a8, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0137.891] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.891] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.891] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\DSS\\MachineKeys\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd330d8b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0137.893] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.893] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.893] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd330d8b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.893] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.893] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.893] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd330d8b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.893] GetLastError () returned 0x12 [0137.893] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0137.906] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd330d8b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffff8a8, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 0 [0137.906] GetLastError () returned 0x12 [0137.906] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.906] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd33178c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Keys", cAlternateFileName="")) returned 1 [0137.906] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.906] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.906] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\Keys\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd33178c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0137.908] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.908] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.909] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd33178c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.909] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.909] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.909] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd33178c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.909] GetLastError () returned 0x12 [0137.909] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.909] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x416372c8, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x416372c8, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PCPKSP", cAlternateFileName="")) returned 1 [0137.909] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.909] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.909] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\PCPKSP\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x416372c8, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x416372c8, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0137.910] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.910] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.910] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x416372c8, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x416372c8, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.910] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.910] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.910] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd332abc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsAIK", cAlternateFileName="WINDOW~1")) returned 1 [0137.910] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.910] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.910] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\PCPKSP\\WindowsAIK\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd332abc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.911] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.911] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.911] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd332abc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.911] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.911] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.911] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd332abc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.911] GetLastError () returned 0x12 [0137.911] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.911] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd332abc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcdfeea, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsAIK", cAlternateFileName="WINDOW~1")) returned 0 [0137.911] GetLastError () returned 0x12 [0137.911] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.911] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17c6f037, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0137.911] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.911] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.911] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17c6f037, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0137.912] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.912] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.912] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17c6f037, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.912] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.912] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.912] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd40a02b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x955a3652, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MachineKeys", cAlternateFileName="MACHIN~1")) returned 1 [0137.912] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.912] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.912] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\MachineKeys\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd40a02b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x955a3652, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.913] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.913] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.913] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd40a02b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x955a3652, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.913] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.913] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.914] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0xcb806263, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb806263, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xcbbe5f7c, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x8b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267", cAlternateFileName="F686AA~1")) returned 1 [0137.914] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.914] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.914] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0xcb806263, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcb806263, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xcbbe5f7c, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x8b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="f686aace6942fb7f7ceb231212eef4a4_e8d761b7-8a68-4187-8c95-75a3788ac267", cAlternateFileName="F686AA~1")) returned 0 [0137.914] GetLastError () returned 0x12 [0137.914] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.914] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x4c150294, ftLastWriteTime.dwHighDateTime=0x1d32723, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0137.914] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.914] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.914] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\RSA\\S-1-5-18\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.915] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.915] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.915] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x77356b64, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.915] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.915] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.915] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x4c150294, ftLastWriteTime.dwHighDateTime=0x1d32723, nFileSizeHigh=0x0, nFileSizeLow=0x38, dwReserved0=0x0, dwReserved1=0x0, cFileName="4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71", cAlternateFileName="4ECCD1~1")) returned 1 [0137.915] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.915] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.915] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x4c150294, ftLastWriteTime.dwHighDateTime=0x1d32723, nFileSizeHigh=0x0, nFileSizeLow=0x38, dwReserved0=0x0, dwReserved1=0x0, cFileName="4eccd106f69e31c1b12304e5463bb71d_33d770d0-06bc-47c5-8714-222cdac43a71", cAlternateFileName="4ECCD1~1")) returned 0 [0137.915] GetLastError () returned 0x12 [0137.915] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.915] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x4c150294, ftCreationTime.dwHighDateTime=0x1d32723, ftLastAccessTime.dwLowDateTime=0x4c150294, ftLastAccessTime.dwHighDateTime=0x1d32723, ftLastWriteTime.dwLowDateTime=0x4c150294, ftLastWriteTime.dwHighDateTime=0x1d32723, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 0 [0137.916] GetLastError () returned 0x12 [0137.916] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.916] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcc3cbc1c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc3cbc1c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xfe648d52, ftLastWriteTime.dwHighDateTime=0x1d32770, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemKeys", cAlternateFileName="SYSTEM~1")) returned 1 [0137.916] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.916] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.916] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Crypto\\SystemKeys\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcc3cbc1c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc3cbc1c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x7737cd02, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0137.919] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.919] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.919] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcc3cbc1c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc3cbc1c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0x7737cd02, ftLastWriteTime.dwHighDateTime=0x1d32793, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.919] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.919] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.919] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0xcc3cbc1c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc3cbc1c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xcc464582, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="7092289d2be9a3ebf1065d0f1c678ab6_e8d761b7-8a68-4187-8c95-75a3788ac267", cAlternateFileName="709228~1")) returned 1 [0137.919] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.919] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.920] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x1b8875cb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x1b8875cb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x1b8875cb, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71", cAlternateFileName="D20D9E~1")) returned 1 [0137.920] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.920] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.920] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x1b8875cb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x1b8875cb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x1b8875cb, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="d20d9e7d1dcddc105a0d5e00d5e1ad30_33d770d0-06bc-47c5-8714-222cdac43a71", cAlternateFileName="D20D9E~1")) returned 0 [0137.920] GetLastError () returned 0x12 [0137.920] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0137.921] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcc3cbc1c, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xcc3cbc1c, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xfe648d52, ftLastWriteTime.dwHighDateTime=0x1d32770, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemKeys", cAlternateFileName="SYSTEM~1")) returned 0 [0137.921] GetLastError () returned 0x12 [0137.921] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0137.921] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4badec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DataMart", cAlternateFileName="")) returned 1 [0137.921] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0137.922] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0137.922] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DataMart\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4badec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0137.922] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0137.922] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.923] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4badec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.923] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.923] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.923] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bb986, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PaidWiFi", cAlternateFileName="")) returned 1 [0137.923] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.923] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.923] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DataMart\\PaidWiFi\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bb986, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.923] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.923] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.923] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bb986, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.923] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.923] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.923] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bb986, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0137.923] GetLastError () returned 0x12 [0137.923] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.923] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bb986, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c6f037, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PaidWiFi", cAlternateFileName="")) returned 0 [0137.923] GetLastError () returned 0x12 [0137.924] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.924] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bc8c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device Stage", cAlternateFileName="DEVICE~1")) returned 1 [0137.924] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0137.924] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0137.924] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bc8c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0137.924] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0137.924] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.924] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bc8c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.924] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.924] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.924] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bd6f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0137.924] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.924] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.924] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bd6f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.925] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.925] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.925] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c6f037, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd4bd6f2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.925] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.925] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.926] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd55373b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{113527a4-45d4-4b6f-b567-97838f1b04b0}", cAlternateFileName="{11352~1")) returned 1 [0137.926] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.926] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.926] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd55373b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.980] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.980] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd55373b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xb61, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xadc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="device.png", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="overlay.png", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 1 [0137.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x99d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="superbar.png", cAlternateFileName="")) returned 0 [0137.982] GetLastError () returned 0x12 [0137.982] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.982] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd554496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 1 [0137.982] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.982] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.983] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd554496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.983] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.983] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd554496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.983] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.983] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1fad1, dwReserved0=0x0, dwReserved1=0x0, cFileName="background.png", cAlternateFileName="")) returned 1 [0137.983] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.983] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x6cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="behavior.xml", cAlternateFileName="")) returned 1 [0137.983] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.983] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 1 [0137.983] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.983] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x70c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="watermark.png", cAlternateFileName="")) returned 0 [0137.984] GetLastError () returned 0x12 [0137.984] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.984] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd554496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8653f0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8702d817-5aad-4674-9ef3-4d3decd87120}", cAlternateFileName="{8702D~1")) returned 0 [0137.984] GetLastError () returned 0x12 [0137.984] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.984] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd555071, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 1 [0137.984] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0137.984] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0137.984] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd555071, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0137.984] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0137.984] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.984] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd555071, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.984] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.984] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.984] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd5f4a5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}", cAlternateFileName="{07DEB~1")) returned 1 [0137.984] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.984] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.985] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd5f4a5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0137.987] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.987] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.987] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd5f4a5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.987] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.988] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.988] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b27bb25, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd5f5c36, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0137.988] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.988] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.988] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\\en-US\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b27bb25, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd5f5c36, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.988] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.988] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.988] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b27bb25, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd5f5c36, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b27bb25, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.988] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.988] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.988] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3de910b4, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x755f99d9, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x11db3100, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0137.988] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.988] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.989] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3de910b4, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x755f99d9, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x11db3100, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0137.989] GetLastError () returned 0x12 [0137.989] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.989] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49316445, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x49316445, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x49316445, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0137.989] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.989] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.989] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49316445, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x49316445, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x72ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="netfol.ico", cAlternateFileName="")) returned 1 [0137.989] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.989] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.989] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x14668, dwReserved0=0x0, dwReserved1=0x0, cFileName="pictures.ico", cAlternateFileName="")) returned 1 [0137.989] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.989] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.989] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49362917, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x49362917, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x49362917, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x536, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0137.989] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.989] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.990] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xcaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ringtones.ico", cAlternateFileName="")) returned 1 [0137.990] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.990] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.990] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x10850, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.ico", cAlternateFileName="")) returned 1 [0137.990] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.990] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.990] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x0, dwReserved1=0x0, cFileName="sync.ico", cAlternateFileName="")) returned 1 [0137.990] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.990] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.990] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49316445, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x49316445, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x49316445, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2aff, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0137.990] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.990] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.990] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 1 [0137.990] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.990] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.991] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1b9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="wmp.ico", cAlternateFileName="")) returned 0 [0137.991] GetLastError () returned 0x12 [0137.991] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0137.991] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64a757, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 1 [0137.991] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0137.991] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=8) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=4) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=8) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=4) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=8) returned 1 [0137.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cchCount2=4) returned 1 [0137.991] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64a757, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0137.993] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0137.993] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.993] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64a757, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.994] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.994] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.994] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd64b86a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0137.994] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.994] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0137.994] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Task\\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\\en-US\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd64b86a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0137.994] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0137.995] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.995] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xbd64b86a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.995] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.995] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.995] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bf64479, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x781a2192, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x549d0900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 1 [0137.995] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0137.995] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="resource.xml", cchCount2=8) returned 1 [0137.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="resource.xml", cchCount2=4) returned 1 [0137.995] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bf64479, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x781a2192, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x549d0900, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x5e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="resource.xml", cAlternateFileName="")) returned 0 [0137.995] GetLastError () returned 0x12 [0137.996] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0137.996] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xd0a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0137.996] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.996] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.996] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xe3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_pref.ico", cAlternateFileName="")) returned 1 [0137.996] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.996] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.996] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xebb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_property.ico", cAlternateFileName="")) returned 1 [0137.996] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.996] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.996] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xdff5, dwReserved0=0x0, dwReserved1=0x0, cFileName="print_queue.ico", cAlternateFileName="")) returned 1 [0137.996] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.996] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.997] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xec75, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_.ico", cAlternateFileName="")) returned 1 [0137.997] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.997] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.997] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x10654, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_property.ico", cAlternateFileName="")) returned 1 [0137.997] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.997] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.997] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xf8c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="scan_settings.ico", cAlternateFileName="")) returned 1 [0137.997] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.997] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.997] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 1 [0137.997] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0137.997] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0137.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.998] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="tasks.xml", cchCount2=8) returned 1 [0137.998] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="tasks.xml", cchCount2=4) returned 1 [0137.998] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62062b13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62062b13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62062b13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x2c64, dwReserved0=0x0, dwReserved1=0x0, cFileName="tasks.xml", cAlternateFileName="")) returned 0 [0137.998] GetLastError () returned 0x12 [0137.998] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0137.998] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64a757, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{e35be42d-f742-4d96-a50a-1775fb1a7a42}", cAlternateFileName="{E35BE~1")) returned 0 [0137.998] GetLastError () returned 0x12 [0137.998] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0137.998] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd555071, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task", cAlternateFileName="")) returned 0 [0137.998] GetLastError () returned 0x12 [0137.998] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0137.998] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64c64e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceSync", cAlternateFileName="DEVICE~2")) returned 1 [0137.998] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0137.998] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0137.998] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeviceSync", cchCount2=8) returned 1 [0137.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeviceSync", cchCount2=4) returned 1 [0137.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeviceSync", cchCount2=8) returned 1 [0137.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeviceSync", cchCount2=4) returned 1 [0137.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DeviceSync", cchCount2=8) returned 1 [0137.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DeviceSync", cchCount2=4) returned 1 [0137.999] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DeviceSync\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64c64e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0138.001] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0138.001] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.001] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64c64e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.001] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.001] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.001] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd64c64e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.001] GetLastError () returned 0x12 [0138.001] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.001] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb85cc8d2, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb85cc8d2, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Diagnosis", cAlternateFileName="DIAGNO~1")) returned 1 [0138.001] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0138.001] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Diagnosis", cchCount2=8) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Diagnosis", cchCount2=4) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Diagnosis", cchCount2=8) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Diagnosis", cchCount2=4) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Diagnosis", cchCount2=8) returned 1 [0138.002] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Diagnosis", cchCount2=4) returned 1 [0138.002] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb85cc8d2, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb85cc8d2, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0138.004] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0138.004] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.004] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb85cc8d2, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb85cc8d2, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.005] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.005] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.005] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AsimovUploader", cAlternateFileName="ASIMOV~1")) returned 1 [0138.005] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.005] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AsimovUploader", cchCount2=8) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AsimovUploader", cchCount2=4) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AsimovUploader", cchCount2=8) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AsimovUploader", cchCount2=4) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AsimovUploader", cchCount2=8) returned 1 [0138.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AsimovUploader", cchCount2=4) returned 1 [0138.005] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\AsimovUploader\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0138.005] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.005] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.005] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.005] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.006] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.006] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.006] GetLastError () returned 0x12 [0138.006] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.006] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d9a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a88b65e, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DownloadedScenarios", cAlternateFileName="DOWNLO~1")) returned 1 [0138.006] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.006] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedScenarios", cchCount2=8) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedScenarios", cchCount2=4) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedScenarios", cchCount2=8) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedScenarios", cchCount2=4) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedScenarios", cchCount2=8) returned 1 [0138.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedScenarios", cchCount2=4) returned 1 [0138.006] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedScenarios\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d9a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a88b65e, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0138.006] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.007] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.007] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69d9a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a88b65e, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.007] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.007] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.007] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a88b65e, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5eab1ff, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5eab1ff, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="windows.uif_ondemand.xml.inbox", cAlternateFileName="WINDOW~1.INB")) returned 1 [0138.007] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.007] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.007] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a88b65e, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5eab1ff, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5eab1ff, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x9d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="windows.uif_ondemand.xml.inbox", cAlternateFileName="WINDOW~1.INB")) returned 0 [0138.007] GetLastError () returned 0x12 [0138.007] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.007] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4d8e7d9f, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4d8e7d9f, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DownloadedSettings", cAlternateFileName="DOWNLO~2")) returned 1 [0138.007] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.007] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.007] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedSettings", cchCount2=8) returned 1 [0138.007] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedSettings", cchCount2=4) returned 1 [0138.007] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedSettings", cchCount2=8) returned 1 [0138.007] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedSettings", cchCount2=4) returned 1 [0138.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DownloadedSettings", cchCount2=8) returned 1 [0138.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DownloadedSettings", cchCount2=4) returned 1 [0138.008] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\DownloadedSettings\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4d8e7d9f, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4d8e7d9f, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0138.011] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.011] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.011] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4d8e7d9f, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4d8e7d9f, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.011] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.011] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.011] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x69d9f6fd, ftCreationTime.dwHighDateTime=0x1d336d8, ftLastAccessTime.dwLowDateTime=0x69d9f6fd, ftLastAccessTime.dwHighDateTime=0x1d336d8, ftLastWriteTime.dwLowDateTime=0x69e5dfd5, ftLastWriteTime.dwHighDateTime=0x1d336d8, nFileSizeHigh=0x0, nFileSizeLow=0x623b, dwReserved0=0x0, dwReserved1=0x0, cFileName="telemetry.ASM-WindowsDefault.json", cAlternateFileName="TELEME~1.JSO")) returned 1 [0138.011] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.011] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.011] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a8b18c4, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5eab1ff, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5eab1ff, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x44f, dwReserved0=0x0, dwReserved1=0x0, cFileName="telemetry.ASM-WindowsDefault.json.bk", cAlternateFileName="TELEME~1.BK")) returned 1 [0138.011] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.012] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.012] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0xb0c71bce, ftCreationTime.dwHighDateTime=0x1d327be, ftLastAccessTime.dwLowDateTime=0xb0c71bce, ftLastAccessTime.dwHighDateTime=0x1d327be, ftLastWriteTime.dwLowDateTime=0xb0fb9083, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="TELEMETRY.ASM-WINDOWSSQ.json", cAlternateFileName="TELEME~4.JSO")) returned 1 [0138.012] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.012] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.012] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x2d95e660, ftCreationTime.dwHighDateTime=0x1d336e0, ftLastAccessTime.dwLowDateTime=0x2d95e660, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0x2e6edc8f, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x90, dwReserved0=0x0, dwReserved1=0x0, cFileName="telemetry.P-ARIA-194626ba46434f9ab441dd7ebda2aa64-5f64bebb-ac28-4cc7-bd52-570c8fe077c9-7717.json", cAlternateFileName="TEA386~1.JSO")) returned 1 [0138.012] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.012] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.012] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7ea85252, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x7ea85252, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x7f139471, ftLastWriteTime.dwHighDateTime=0x1d327b6, nFileSizeHigh=0x0, nFileSizeLow=0x90, dwReserved0=0x0, dwReserved1=0x0, cFileName="telemetry.P-ARIA-31f8f00f75ee43d4996762625b6917f2-ce77d96f-eec8-4063-a05a-09720f5bbf1b-7138.json", cAlternateFileName="TELEME~2.JSO")) returned 1 [0138.012] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.012] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7f139471, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x7f139471, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x7f4f45ae, ftLastWriteTime.dwHighDateTime=0x1d327b6, nFileSizeHigh=0x0, nFileSizeLow=0x90, dwReserved0=0x0, dwReserved1=0x0, cFileName="telemetry.P-ARIA-5476d0c4a7a347909c4b8a13078d4390-f8bdcecf-243f-40f8-b7c3-b9c44a57dead-7230.json", cAlternateFileName="TELEME~3.JSO")) returned 1 [0138.013] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.013] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x698688ac, ftCreationTime.dwHighDateTime=0x1d336d8, ftLastAccessTime.dwLowDateTime=0x698688ac, ftLastAccessTime.dwHighDateTime=0x1d336d8, ftLastWriteTime.dwLowDateTime=0x69d06e63, ftLastWriteTime.dwHighDateTime=0x1d336d8, nFileSizeHigh=0x0, nFileSizeLow=0xba4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="utc.app.json", cAlternateFileName="UTCAPP~1.JSO")) returned 1 [0138.013] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.013] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a8b18c4, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5eab1ff, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5ed1465, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x67f, dwReserved0=0x0, dwReserved1=0x0, cFileName="utc.app.json.bk", cAlternateFileName="UTCAPP~1.BK")) returned 1 [0138.013] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.013] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7e8bf97d, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x7e8bf97d, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x7ea85252, ftLastWriteTime.dwHighDateTime=0x1d327b6, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="utc.cert.json", cAlternateFileName="UTCCER~1.JSO")) returned 1 [0138.013] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.013] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x120, ftCreationTime.dwLowDateTime=0x7e8bf97d, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x7e8bf97d, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x7ea85252, ftLastWriteTime.dwHighDateTime=0x1d327b6, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="utc.cert.json", cAlternateFileName="UTCCER~1.JSO")) returned 0 [0138.014] GetLastError () returned 0x12 [0138.014] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0138.015] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8e23c06e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x8e23c06e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ETLLogs", cAlternateFileName="")) returned 1 [0138.015] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.015] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ETLLogs", cchCount2=4) returned 1 [0138.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ETLLogs", cchCount2=4) returned 1 [0138.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ETLLogs", cchCount2=4) returned 1 [0138.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8e23c06e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x8e23c06e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0138.133] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.133] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.134] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8e23c06e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x8e23c06e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.134] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.134] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.134] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d5cadbc, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0x2d5cadbc, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutoLogger", cAlternateFileName="AUTOLO~1")) returned 1 [0138.134] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.134] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AutoLogger", cchCount2=8) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AutoLogger", cchCount2=4) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AutoLogger", cchCount2=8) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AutoLogger", cchCount2=4) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AutoLogger", cchCount2=8) returned 1 [0138.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AutoLogger", cchCount2=4) returned 1 [0138.134] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\AutoLogger\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d5cadbc, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0xcd8d859b, ftLastWriteTime.dwHighDateTime=0x1d34734, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0138.135] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0138.135] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.137] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d5cadbc, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0xcd8d859b, ftLastWriteTime.dwHighDateTime=0x1d34734, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.137] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0138.137] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.137] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcd8d859b, ftCreationTime.dwHighDateTime=0x1d34734, ftLastAccessTime.dwLowDateTime=0xcd8d859b, ftLastAccessTime.dwHighDateTime=0x1d34734, ftLastWriteTime.dwLowDateTime=0x6d79fcc6, ftLastWriteTime.dwHighDateTime=0x1d5e877, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutoLogger-Diagtrack-Listener.etl", cAlternateFileName="AUTOLO~1.ETL")) returned 1 [0138.137] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0138.137] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.138] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcd8d859b, ftCreationTime.dwHighDateTime=0x1d34734, ftLastAccessTime.dwLowDateTime=0xcd8d859b, ftLastAccessTime.dwHighDateTime=0x1d34734, ftLastWriteTime.dwLowDateTime=0x6d79fcc6, ftLastWriteTime.dwHighDateTime=0x1d5e877, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutoLogger-Diagtrack-Listener.etl", cAlternateFileName="AUTOLO~1.ETL")) returned 0 [0138.138] GetLastError () returned 0x12 [0138.138] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.138] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69f80c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ScenarioShutdownLogger", cAlternateFileName="SCENAR~1")) returned 1 [0138.138] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.138] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ScenarioShutdownLogger", cchCount2=8) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ScenarioShutdownLogger", cchCount2=4) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ScenarioShutdownLogger", cchCount2=8) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ScenarioShutdownLogger", cchCount2=4) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ScenarioShutdownLogger", cchCount2=8) returned 1 [0138.138] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ScenarioShutdownLogger", cchCount2=4) returned 1 [0138.138] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ScenarioShutdownLogger\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69f80c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0138.139] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0138.139] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.139] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69f80c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.139] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0138.139] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.139] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd69f80c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.139] GetLastError () returned 0x12 [0138.139] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.139] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d6afbff, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0x2d6afbff, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShutdownLogger", cAlternateFileName="SHUTDO~1")) returned 1 [0138.139] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.140] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShutdownLogger", cchCount2=8) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShutdownLogger", cchCount2=4) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShutdownLogger", cchCount2=8) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShutdownLogger", cchCount2=4) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ShutdownLogger", cchCount2=8) returned 1 [0138.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ShutdownLogger", cchCount2=4) returned 1 [0138.140] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\ETLLogs\\ShutdownLogger\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d6afbff, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0xb855a1cd, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0138.141] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0138.141] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.141] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d6afbff, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0xb855a1cd, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.141] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0138.141] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.141] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb855a1cd, ftCreationTime.dwHighDateTime=0x1d33839, ftLastAccessTime.dwLowDateTime=0xb855a1cd, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbc623573, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutoLogger-Diagtrack-Listener.etl", cAlternateFileName="AUTOLO~1.ETL")) returned 1 [0138.141] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0138.141] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0138.142] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb855a1cd, ftCreationTime.dwHighDateTime=0x1d33839, ftLastAccessTime.dwLowDateTime=0xb855a1cd, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbc623573, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutoLogger-Diagtrack-Listener.etl", cAlternateFileName="AUTOLO~1.ETL")) returned 0 [0138.142] GetLastError () returned 0x12 [0138.142] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.142] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x2d6afbff, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0x2d6afbff, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShutdownLogger", cAlternateFileName="SHUTDO~1")) returned 0 [0138.142] GetLastError () returned 0x12 [0138.142] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.142] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b60b8d0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8b60b8d0, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x29662597, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x666666, dwReserved0=0x0, dwReserved1=0x0, cFileName="Events_CostDeferred.rbs", cAlternateFileName="EVENTS~3.RBS")) returned 1 [0138.142] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.142] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.142] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b5e567a, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8b5e567a, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x29662597, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x1000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Events_Normal.rbs", cAlternateFileName="EVENTS~1.RBS")) returned 1 [0138.142] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.142] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.143] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b60b8d0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8b60b8d0, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x29662597, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x666666, dwReserved0=0x0, dwReserved1=0x0, cFileName="Events_NormalCritical.rbs", cAlternateFileName="EVENTS~2.RBS")) returned 1 [0138.143] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.143] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.143] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b60b8d0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8b60b8d0, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x29662597, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x333333, dwReserved0=0x0, dwReserved1=0x0, cFileName="Events_Realtime.rbs", cAlternateFileName="EVENTS~4.RBS")) returned 1 [0138.143] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.143] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.143] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a029c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalTraceStore", cAlternateFileName="LOCALT~1")) returned 1 [0138.143] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.143] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalTraceStore", cchCount2=8) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalTraceStore", cchCount2=4) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalTraceStore", cchCount2=8) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalTraceStore", cchCount2=4) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalTraceStore", cchCount2=8) returned 1 [0138.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalTraceStore", cchCount2=4) returned 1 [0138.143] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\LocalTraceStore\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a029c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0138.144] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.144] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.144] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a029c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.144] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.144] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.144] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a029c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.144] GetLastError () returned 0x12 [0138.144] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.144] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3dd985, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8a3dd985, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x28facbb4, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="osver.txt", cAlternateFileName="")) returned 1 [0138.144] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.144] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="osver.txt", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="osver.txt", cchCount2=4) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="osver.txt", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="osver.txt", cchCount2=4) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="osver.txt", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="osver.txt", cchCount2=4) returned 1 [0138.145] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8bfbb1de, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8bfbb1de, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8bfbb1de, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parse.dat", cAlternateFileName="")) returned 1 [0138.145] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.145] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="parse.dat", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="parse.dat", cchCount2=4) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="parse.dat", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="parse.dat", cchCount2=4) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="parse.dat", cchCount2=8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="parse.dat", cchCount2=4) returned 1 [0138.145] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a06c3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sideload", cAlternateFileName="")) returned 1 [0138.145] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.145] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Sideload", cchCount2=8) returned 1 [0138.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Sideload", cchCount2=4) returned 1 [0138.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Sideload", cchCount2=8) returned 1 [0138.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Sideload", cchCount2=4) returned 1 [0138.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Sideload", cchCount2=8) returned 1 [0138.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Sideload", cchCount2=4) returned 1 [0138.146] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\Sideload\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a06c3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0138.146] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.146] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.146] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a06c3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.146] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.146] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.147] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a06c3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.147] GetLastError () returned 0x12 [0138.147] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.147] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a0bca, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Siufloc", cAlternateFileName="")) returned 1 [0138.147] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.147] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Siufloc", cchCount2=4) returned 1 [0138.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Siufloc", cchCount2=4) returned 1 [0138.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Siufloc", cchCount2=4) returned 1 [0138.147] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\Siufloc\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a0bca, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0138.147] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.147] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.147] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a0bca, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.148] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.148] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.148] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd6a0bca, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.148] GetLastError () returned 0x12 [0138.148] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.148] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4ddac897, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftLanding", cAlternateFileName="SOFTLA~1")) returned 1 [0138.148] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.148] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLanding", cchCount2=8) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLanding", cchCount2=4) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLanding", cchCount2=8) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLanding", cchCount2=4) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLanding", cchCount2=8) returned 1 [0138.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLanding", cchCount2=4) returned 1 [0138.149] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4ddac897, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0138.152] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.152] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.152] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4ddac897, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.153] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.153] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.153] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8bfa790, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4de62c84, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x840fae4f, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x41c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cAlternateFileName="03D1E1~1.XML")) returned 1 [0138.153] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.153] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=4) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=4) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_show.xml", cchCount2=4) returned 1 [0138.154] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c20a14, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4defb5dd, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x840fae4f, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x441b, dwReserved0=0x0, dwReserved1=0x0, cFileName="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cAlternateFileName="03D1E1~2.XML")) returned 1 [0138.154] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.154] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=4) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=4) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=8) returned 1 [0138.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03d1e1da-f580-45d7-afdd-3598ed7cdba4_withdraw.xml", cchCount2=4) returned 1 [0138.154] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7750111, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4df6de00, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb8128f6c, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4180, dwReserved0=0x0, dwReserved1=0x0, cFileName="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cAlternateFileName="394B7B~1.XML")) returned 1 [0138.154] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.154] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=4) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=4) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_show.xml", cchCount2=4) returned 1 [0138.155] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7750111, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e006640, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb5c02e23, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4187, dwReserved0=0x0, dwReserved1=0x0, cFileName="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cAlternateFileName="394B7B~2.XML")) returned 1 [0138.155] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.155] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=4) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=4) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=8) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="394b7b36-41b9-4032-9875-c0240ca5a7f5_withdraw.xml", cchCount2=4) returned 1 [0138.155] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c46c2e, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4e09efaa, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x8625bd94, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cAlternateFileName="75EF5B~1.XML")) returned 1 [0138.155] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.155] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=4) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=4) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_show.xml", cchCount2=4) returned 1 [0138.156] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c46c2e, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4e0c51fa, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x86556ca1, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x4473, dwReserved0=0x0, dwReserved1=0x0, cFileName="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cAlternateFileName="75EF5B~2.XML")) returned 1 [0138.156] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.156] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=4) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=4) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=8) returned 1 [0138.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="75ef5b41-571d-4a4b-92bb-8b9f7fdc831f_withdraw.xml", cchCount2=4) returned 1 [0138.156] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7776347, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e15dbbf, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbbc2bb3b, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x418e, dwReserved0=0x0, dwReserved1=0x0, cFileName="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cAlternateFileName="9984EC~1.XML")) returned 1 [0138.156] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.156] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=4) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=4) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_show.xml", cchCount2=4) returned 1 [0138.157] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7776347, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e1f64ee, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbbb6d045, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x418c, dwReserved0=0x0, dwReserved1=0x0, cFileName="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cAlternateFileName="9984EC~2.XML")) returned 1 [0138.157] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.157] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=4) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=4) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=8) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="9984ecc0-931c-4feb-8996-203a6ffaa852_withdraw.xml", cchCount2=4) returned 1 [0138.157] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc779c570, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e24298b, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb9eacc8c, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x433c, dwReserved0=0x0, dwReserved1=0x0, cFileName="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cAlternateFileName="ACAE42~1.XML")) returned 1 [0138.157] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.157] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=4) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=4) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_show.xml", cchCount2=4) returned 1 [0138.158] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc779c570, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e28ee3c, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xba09c6cc, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x443f, dwReserved0=0x0, dwReserved1=0x0, cFileName="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cAlternateFileName="ACAE42~2.XML")) returned 1 [0138.158] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.158] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=4) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=4) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="acae4208-0ac4-4ef7-ac45-bb688b09e559_withdraw.xml", cchCount2=4) returned 1 [0138.158] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc779c570, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e2b5071, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb8d3a091, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x442d, dwReserved0=0x0, dwReserved1=0x0, cFileName="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cAlternateFileName="C08025~1.XML")) returned 1 [0138.158] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.158] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=8) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=4) returned 1 [0138.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=4) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_show.xml", cchCount2=4) returned 1 [0138.159] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc77c27a6, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e2db2dd, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb8c553ea, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4187, dwReserved0=0x0, dwReserved1=0x0, cFileName="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cAlternateFileName="C08025~2.XML")) returned 1 [0138.159] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.159] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=4) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=4) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="c0802597-6174-487a-b7de-20e8b1aa384e_withdraw.xml", cchCount2=4) returned 1 [0138.159] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc77c27a6, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e301522, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbb0b32d3, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x418b, dwReserved0=0x0, dwReserved1=0x0, cFileName="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cAlternateFileName="E80C85~1.XML")) returned 1 [0138.159] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.159] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0138.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0138.160] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc77e89d5, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e34d9d0, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xbaf35d10, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4172, dwReserved0=0x0, dwReserved1=0x0, cFileName="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cAlternateFileName="E80C85~2.XML")) returned 1 [0138.160] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.160] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0138.160] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0138.160] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c930e8, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4e399e7e, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x8507a310, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x5c3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cAlternateFileName="E9D217~1.XML")) returned 1 [0138.160] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.160] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0138.161] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c930e8, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x4e458a8d, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x85007c03, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x424c, dwReserved0=0x0, dwReserved1=0x0, cFileName="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cAlternateFileName="E9D217~2.XML")) returned 1 [0138.161] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.161] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=4) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=4) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=8) returned 1 [0138.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml", cchCount2=4) returned 1 [0138.162] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc780ec0e, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e4a4f18, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb806a476, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x43ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cAlternateFileName="FFFD8B~1.XML")) returned 1 [0138.162] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.162] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=4) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=4) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_show.xml", cchCount2=4) returned 1 [0138.162] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc780ec0e, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb819b5fa, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4443, dwReserved0=0x0, dwReserved1=0x0, cFileName="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cAlternateFileName="FFFD8B~2.XML")) returned 1 [0138.162] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.162] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=4) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=4) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=8) returned 1 [0138.162] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cchCount2=4) returned 1 [0138.163] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc780ec0e, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb819b5fa, ftLastWriteTime.dwHighDateTime=0x1d336c5, nFileSizeHigh=0x0, nFileSizeLow=0x4443, dwReserved0=0x0, dwReserved1=0x0, cFileName="fffd8b5d-0172-4719-a792-b7c76986459d_withdraw.xml", cAlternateFileName="FFFD8B~2.XML")) returned 0 [0138.163] GetLastError () returned 0x12 [0138.163] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.164] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftLandingStage", cAlternateFileName="SOFTLA~2")) returned 1 [0138.164] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.164] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLandingStage", cchCount2=8) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLandingStage", cchCount2=4) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLandingStage", cchCount2=8) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLandingStage", cchCount2=4) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SoftLandingStage", cchCount2=8) returned 1 [0138.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SoftLandingStage", cchCount2=4) returned 1 [0138.164] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLandingStage\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0138.165] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.165] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.165] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.165] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.165] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.165] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x4e4cb173, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0x4e4cb173, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0138.165] GetLastError () returned 0x12 [0138.165] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0138.165] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xd6b11c43, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xd6b11c43, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TenantStorage", cAlternateFileName="TENANT~1")) returned 1 [0138.165] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.165] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="TenantStorage", cchCount2=8) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="TenantStorage", cchCount2=4) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="TenantStorage", cchCount2=8) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="TenantStorage", cchCount2=4) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="TenantStorage", cchCount2=8) returned 1 [0138.165] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="TenantStorage", cchCount2=4) returned 1 [0138.165] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\TenantStorage\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xd6b11c43, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xd6b11c43, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0138.166] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0138.166] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.166] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xd6b11c43, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xd6b11c43, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.166] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.166] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.166] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6b11c43, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0xd6b11c43, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xd6b37da3, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P-ARIA", cAlternateFileName="")) returned 1 [0138.166] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0138.166] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0138.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="P-ARIA", cchCount2=4) returned 1 [0138.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="P-ARIA", cchCount2=4) returned 1 [0138.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="P-ARIA", cchCount2=4) returned 1 [0138.166] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\TenantStorage\\P-ARIA\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x12020e, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x19ed48, ftLastAccessTime.dwLowDateTime=0x773051f4, ftLastAccessTime.dwHighDateTime=0x24eb20c, ftLastWriteTime.dwLowDateTime=0x77304f40, ftLastWriteTime.dwHighDateTime=0x77305218, nFileSizeHigh=0x4, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0138.167] GetLastError () returned 0x5 [0138.167] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6b11c43, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0xd6b11c43, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xd6b37da3, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P-ARIA", cAlternateFileName="")) returned 0 [0138.168] GetLastError () returned 0x12 [0138.168] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.168] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x774ff760, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb85cc8d2, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb85cc8d2, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VortexSchemaRequests.dat", cAlternateFileName="VORTEX~1.DAT")) returned 1 [0138.168] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0138.168] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.168] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x774ff760, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb85cc8d2, ftLastAccessTime.dwHighDateTime=0x1d33839, ftLastWriteTime.dwLowDateTime=0xb85cc8d2, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VortexSchemaRequests.dat", cAlternateFileName="VORTEX~1.DAT")) returned 0 [0138.168] GetLastError () returned 0x12 [0138.168] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.168] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0138.168] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\DRM\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17c95299, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xbd71bd25, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17c95299, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0138.169] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0138.169] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.170] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0138.177] GetLastError () returned 0x12 [0138.177] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.177] GetLastError () returned 0x12 [0138.177] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0138.286] GetLastError () returned 0x12 [0138.286] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.287] GetLastError () returned 0x12 [0138.287] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.287] GetLastError () returned 0x12 [0138.287] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0138.287] GetLastError () returned 0x12 [0138.287] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.290] GetLastError () returned 0x12 [0138.290] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.290] GetLastError () returned 0x12 [0138.290] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.290] GetLastError () returned 0x12 [0138.290] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.291] GetLastError () returned 0x12 [0138.291] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.291] GetLastError () returned 0x12 [0138.292] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.292] GetLastError () returned 0x12 [0138.292] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.292] GetLastError () returned 0x12 [0138.292] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.294] GetLastError () returned 0x12 [0138.294] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.296] GetLastError () returned 0x12 [0138.296] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0138.296] GetLastError () returned 0x12 [0138.296] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.297] GetLastError () returned 0x12 [0138.297] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.297] GetLastError () returned 0x12 [0138.297] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.298] GetLastError () returned 0x12 [0138.298] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.304] GetLastError () returned 0x12 [0138.304] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.304] GetLastError () returned 0x12 [0138.304] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.304] GetLastError () returned 0x12 [0138.304] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.307] GetLastError () returned 0x12 [0138.307] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.307] GetLastError () returned 0x12 [0138.307] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.308] GetLastError () returned 0x12 [0138.308] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.312] GetLastError () returned 0x12 [0138.312] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.313] GetLastError () returned 0x12 [0138.313] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.313] GetLastError () returned 0x12 [0138.313] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.315] GetLastError () returned 0x12 [0138.315] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.315] GetLastError () returned 0x12 [0138.315] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.315] GetLastError () returned 0x12 [0138.315] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.317] GetLastError () returned 0x12 [0138.317] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.318] GetLastError () returned 0x12 [0138.318] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.318] GetLastError () returned 0x12 [0138.318] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.322] GetLastError () returned 0x12 [0138.322] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.322] GetLastError () returned 0x12 [0138.322] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.322] GetLastError () returned 0x12 [0138.322] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0138.324] GetLastError () returned 0x12 [0138.324] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.324] GetLastError () returned 0x12 [0138.324] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.324] GetLastError () returned 0x12 [0138.324] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.326] GetLastError () returned 0x12 [0138.326] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.327] GetLastError () returned 0x12 [0138.327] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.327] GetLastError () returned 0x12 [0138.327] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.328] GetLastError () returned 0x12 [0138.328] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.329] GetLastError () returned 0x12 [0138.329] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0138.329] GetLastError () returned 0x12 [0138.329] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.401] GetLastError () returned 0x12 [0138.401] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.402] GetLastError () returned 0x12 [0138.402] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.402] GetLastError () returned 0x12 [0138.402] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.405] GetLastError () returned 0x12 [0138.405] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.405] GetLastError () returned 0x12 [0138.405] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.405] GetLastError () returned 0x12 [0138.405] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.415] GetLastError () returned 0x12 [0138.415] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0138.415] GetLastError () returned 0x12 [0138.415] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.416] GetLastError () returned 0x12 [0138.416] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0138.465] GetLastError () returned 0x12 [0138.465] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0138.465] GetLastError () returned 0x12 [0138.465] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.465] GetLastError () returned 0x12 [0138.465] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0138.470] GetLastError () returned 0x12 [0138.470] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0138.471] GetLastError () returned 0x12 [0138.471] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0138.471] GetLastError () returned 0x12 [0138.471] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.630] GetLastError () returned 0x12 [0140.630] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0140.639] GetLastError () returned 0x12 [0140.639] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.639] GetLastError () returned 0x12 [0140.639] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.709] GetLastError () returned 0x12 [0140.709] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.709] GetLastError () returned 0x12 [0140.709] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.709] GetLastError () returned 0x12 [0140.709] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.712] GetLastError () returned 0x12 [0140.712] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.712] GetLastError () returned 0x12 [0140.712] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.712] GetLastError () returned 0x12 [0140.712] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.731] GetLastError () returned 0x12 [0140.731] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.732] GetLastError () returned 0x12 [0140.732] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.732] GetLastError () returned 0x12 [0140.732] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.733] GetLastError () returned 0x12 [0140.733] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0140.746] GetLastError () returned 0x12 [0140.747] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.750] GetLastError () returned 0x12 [0140.750] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0140.751] GetLastError () returned 0x12 [0140.751] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.754] GetLastError () returned 0x12 [0140.754] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0140.755] GetLastError () returned 0x12 [0140.755] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0140.755] GetLastError () returned 0x12 [0140.755] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0140.759] GetLastError () returned 0x12 [0140.759] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.759] GetLastError () returned 0x12 [0140.759] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0140.759] GetLastError () returned 0x12 [0140.759] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0140.805] GetLastError () returned 0x12 [0140.805] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.805] GetLastError () returned 0x12 [0140.805] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.805] GetLastError () returned 0x12 [0140.805] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.807] GetLastError () returned 0x12 [0140.807] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.807] GetLastError () returned 0x12 [0140.807] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.817] GetLastError () returned 0x12 [0140.817] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.818] GetLastError () returned 0x12 [0140.818] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.818] GetLastError () returned 0x12 [0140.818] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0140.819] GetLastError () returned 0x12 [0140.819] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.819] GetLastError () returned 0x12 [0140.819] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0140.825] GetLastError () returned 0x12 [0140.825] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.827] GetLastError () returned 0x12 [0140.827] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0140.827] GetLastError () returned 0x12 [0140.827] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.828] GetLastError () returned 0x12 [0140.828] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0140.828] GetLastError () returned 0x12 [0140.828] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0140.829] GetLastError () returned 0x12 [0140.829] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.830] GetLastError () returned 0x12 [0140.830] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0140.830] GetLastError () returned 0x12 [0140.830] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0140.842] GetLastError () returned 0x12 [0140.842] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0140.843] GetLastError () returned 0x12 [0140.843] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.530] GetLastError () returned 0x12 [0141.530] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.536] GetLastError () returned 0x12 [0141.536] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.542] GetLastError () returned 0x12 [0141.542] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.548] GetLastError () returned 0x12 [0141.548] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.554] GetLastError () returned 0x12 [0141.554] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0141.560] GetLastError () returned 0x12 [0141.560] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.563] GetLastError () returned 0x12 [0141.563] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.567] GetLastError () returned 0x12 [0141.567] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.859] GetLastError () returned 0x12 [0141.859] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.863] GetLastError () returned 0x12 [0141.863] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.868] GetLastError () returned 0x12 [0141.868] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.871] GetLastError () returned 0x12 [0141.871] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.871] GetLastError () returned 0x12 [0141.872] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.872] GetLastError () returned 0x12 [0141.872] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.874] GetLastError () returned 0x12 [0141.874] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.877] GetLastError () returned 0x12 [0141.877] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.880] GetLastError () returned 0x12 [0141.880] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0141.886] GetLastError () returned 0x12 [0141.886] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0141.894] GetLastError () returned 0x12 [0141.894] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.900] GetLastError () returned 0x12 [0141.900] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.901] GetLastError () returned 0x12 [0141.901] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0141.903] GetLastError () returned 0x12 [0141.903] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0141.904] GetLastError () returned 0x12 [0141.904] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.029] GetLastError () returned 0x12 [0142.029] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.032] GetLastError () returned 0x12 [0142.032] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0142.033] GetLastError () returned 0x12 [0142.033] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0142.035] GetLastError () returned 0x12 [0142.035] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.038] GetLastError () returned 0x12 [0142.038] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.040] GetLastError () returned 0x12 [0142.040] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.043] GetLastError () returned 0x12 [0142.043] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0142.045] GetLastError () returned 0x12 [0142.045] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0142.045] GetLastError () returned 0x12 [0142.045] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.048] GetLastError () returned 0x12 [0142.048] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0142.051] GetLastError () returned 0x12 [0142.051] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.054] GetLastError () returned 0x12 [0142.054] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0142.054] GetLastError () returned 0x12 [0142.054] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0142.057] GetLastError () returned 0x12 [0142.057] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.063] GetLastError () returned 0x12 [0142.063] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0142.065] GetLastError () returned 0x12 [0142.065] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0142.070] GetLastError () returned 0x12 [0142.070] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.187] GetLastError () returned 0x12 [0145.187] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.188] GetLastError () returned 0x12 [0145.188] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.191] GetLastError () returned 0x12 [0145.191] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0145.193] GetLastError () returned 0x12 [0145.193] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.195] GetLastError () returned 0x12 [0145.195] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0145.195] GetLastError () returned 0x12 [0145.195] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.199] GetLastError () returned 0x12 [0145.199] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.203] GetLastError () returned 0x12 [0145.203] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.206] GetLastError () returned 0x12 [0145.206] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.206] GetLastError () returned 0x12 [0145.206] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.208] GetLastError () returned 0x12 [0145.208] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.210] GetLastError () returned 0x12 [0145.210] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.212] GetLastError () returned 0x12 [0145.212] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0145.214] GetLastError () returned 0x12 [0145.214] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0145.263] GetLastError () returned 0x12 [0145.263] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0146.910] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0146.911] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0146.911] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0146.911] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0146.911] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0146.911] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0146.911] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc3123ced, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc3123ced, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc3123ced, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0147.650] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0147.650] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc3123ced, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc3123ced, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc3123ced, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.650] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0147.650] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0147.650] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc3123ced, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc3123ced, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc3123ced, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0147.650] GetLastError () returned 0x12 [0147.650] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0147.651] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4a220d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4a220d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cAlternateFileName="MI06F6~1.SCA")) returned 1 [0147.651] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0147.651] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0147.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0147.651] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4a220d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4a220d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0147.652] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0147.652] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0147.652] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4a220d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4a220d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.652] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0147.652] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0147.652] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb4a220d, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xdb4a220d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4a220d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x40c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0147.653] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0147.653] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0147.874] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb4a220d, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xdb4a220d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4a220d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x40c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0147.874] GetLastError () returned 0x12 [0147.874] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.603] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96ea5b4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96ea5b4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cAlternateFileName="MI673F~1.SCA")) returned 1 [0148.603] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.603] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.603] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96ea5b4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96ea5b4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.604] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.604] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96ea5b4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96ea5b4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.604] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96ea5b4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96ea5b4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96ea5b4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.605] GetLastError () returned 0x12 [0148.605] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.605] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96c435e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96c435e, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI9806~1.0_N")) returned 1 [0148.605] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.605] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.606] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96c435e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96c435e, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.606] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.606] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.606] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96c435e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96c435e, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.606] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.606] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.606] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc96c435e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc96c435e, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.606] GetLastError () returned 0x12 [0148.606] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.606] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4ee6af, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4ee6af, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIEA86~1.0_X")) returned 1 [0148.607] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.607] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.607] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4ee6af, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4ee6af, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.609] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.609] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.609] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc96c435e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdb4ee6af, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4ee6af, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.609] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.609] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.609] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc97f562c, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc999916e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc999916e, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.610] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.610] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.610] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9841c3d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc9841c3d, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc9841c3d, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.610] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.610] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.610] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xc9841c3d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc9841c3d, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xc9841c3d, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.610] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.610] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.610] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb4ee6af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xdb4ee6af, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4ee6af, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1d14, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.610] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.611] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.611] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb4ee6af, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xdb4ee6af, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xdb4ee6af, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1d14, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.611] GetLastError () returned 0x12 [0148.611] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.612] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cAlternateFileName="MIA5B6~1.SCA")) returned 1 [0148.612] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.612] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.612] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.726] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.726] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.726] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.726] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.726] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.726] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d71575, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.726] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.726] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.727] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d71575, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.727] GetLastError () returned 0x12 [0148.727] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.727] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb314296, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb314296, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb314296, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cAlternateFileName="MI2CD9~1.SCA")) returned 1 [0148.727] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.727] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.727] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb314296, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb314296, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb314296, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0148.728] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.728] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.728] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb314296, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb314296, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb314296, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.728] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.728] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.728] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb314296, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb314296, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb314296, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.728] GetLastError () returned 0x12 [0148.728] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0148.728] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb2ee04f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb2ee04f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MIFFC1~1.0_N")) returned 1 [0148.728] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.728] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.729] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb2ee04f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb2ee04f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.729] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.729] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.729] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb2ee04f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb2ee04f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.729] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.729] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.729] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb2ee04f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb2ee04f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.730] GetLastError () returned 0x12 [0148.730] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.730] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIAB25~1.0_X")) returned 1 [0148.730] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.730] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.730] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.733] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.733] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.734] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb2ee04f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.734] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.734] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.734] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb3f90f6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb52a4b1, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb52a4b1, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.734] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.734] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.734] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb4455c4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb4455c4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb4455c4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.734] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.734] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcb4455c4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb4455c4, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcb4455c4, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.735] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.735] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d71575, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x171c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.735] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.735] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.735] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d71575, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd8d71575, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd8d71575, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x171c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.735] GetLastError () returned 0x12 [0148.735] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.737] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd25f2a9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc002f677, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcd25f2a9, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI34B5~1.0_N")) returned 1 [0148.737] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.737] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.737] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd25f2a9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc002f677, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcd25f2a9, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.739] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.739] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.739] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd25f2a9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc002f677, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcd25f2a9, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.739] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.739] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.739] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd25f2a9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc002f677, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcd25f2a9, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.739] GetLastError () returned 0x12 [0148.739] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.739] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd2853a0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd7ed6e37, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd7ed6e37, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI21E8~1.0_X")) returned 1 [0148.739] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.739] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.740] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd2853a0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd7ed6e37, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd7ed6e37, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.743] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.743] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.743] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcd2853a0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd7ed6e37, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd7ed6e37, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.743] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.743] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.743] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd428da8, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcd618ddd, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcd618ddd, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.743] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.744] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.744] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcd475397, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcd475397, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcd475397, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.744] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.744] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.744] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xcd475397, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcd475397, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcd475397, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.744] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.744] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.744] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7ed6e37, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd7ed6e37, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd7ed6e37, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.745] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.745] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.745] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7ed6e37, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd7ed6e37, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd7ed6e37, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.745] GetLastError () returned 0x12 [0148.745] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.747] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd8b74a35, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc009a429, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd8b74a35, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI052E~1.0_X")) returned 1 [0148.747] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.747] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.747] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.747] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd8b74a35, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc009a429, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd8b74a35, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.748] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.748] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.748] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd8b74a35, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc009a429, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd8b74a35, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.748] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.748] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.748] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd8b74a35, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc009a429, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd8b74a35, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.748] GetLastError () returned 0x12 [0148.748] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.748] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda4573f7, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xda4573f7, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xda4573f7, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI3AF7~1.0_X")) returned 1 [0148.748] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.748] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.748] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.748] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.748] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.748] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.748] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.749] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.749] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda4573f7, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xda4573f7, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xda4573f7, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.749] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.749] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.749] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda4573f7, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xda4573f7, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xda4573f7, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.749] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.749] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.749] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xda4573f7, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xda4573f7, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xda4573f7, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.749] GetLastError () returned 0x12 [0148.749] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.749] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb1742cc, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8ed7e84, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8ed7e84, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI4ACC~1.0_X")) returned 1 [0148.749] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.749] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.750] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.750] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb1742cc, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8ed7e84, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8ed7e84, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.750] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.750] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.750] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb1742cc, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8ed7e84, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8ed7e84, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.750] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.750] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.750] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dc4244c, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8ed7e84, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8ed7e84, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.750] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.750] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.751] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9dc4244c, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8ed7e84, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8ed7e84, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.751] GetLastError () returned 0x12 [0148.751] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.751] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdbb49e3f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8e192b8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8e192b8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI0106~1.0_X")) returned 1 [0148.751] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.751] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.751] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.751] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.1_1.0.23115.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdbb49e3f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8e192b8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8e192b8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.752] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.752] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.752] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdbb49e3f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8e192b8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8e192b8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.752] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.752] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.752] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9db83899, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8e192b8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8e192b8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.752] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.752] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.752] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9db83899, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8e192b8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8e192b8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.752] GetLastError () returned 0x12 [0148.752] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.752] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb046ec20, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec0ad3fb, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec0ad3fb, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI04D1~1.0_X")) returned 1 [0148.753] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.753] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.753] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb046ec20, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec0ad3fb, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec0ad3fb, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.753] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.753] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.753] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb046ec20, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec0ad3fb, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec0ad3fb, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.753] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.754] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.754] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ad3fb, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec0ad3fb, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec0d3654, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.754] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.754] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.754] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec0ad3fb, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec0ad3fb, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec0d3654, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.754] GetLastError () returned 0x12 [0148.754] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.754] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf79e229, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebf2fc88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebf2fc88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cAlternateFileName="MIF51B~1.0_X")) returned 1 [0148.754] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.754] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.755] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf79e229, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebf2fc88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebf2fc88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.755] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.755] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.755] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaf79e229, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebf2fc88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebf2fc88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.755] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.755] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.755] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebf2fc88, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xebf2fc88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebf2fc88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.755] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.755] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.755] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebf2fc88, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xebf2fc88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebf2fc88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.755] GetLastError () returned 0x12 [0148.755] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.756] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc2971cb, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b60cb3b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b60cb3b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI67F0~1.0_X")) returned 1 [0148.853] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.853] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.853] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc2971cb, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b60cb3b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b60cb3b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.854] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.854] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.854] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc2971cb, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b60cb3b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b60cb3b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.854] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.854] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.854] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b60cb3b, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b60cb3b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b60cb3b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.854] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.854] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.854] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b60cb3b, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b60cb3b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b60cb3b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.854] GetLastError () returned 0x12 [0148.854] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.855] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdcbae159, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b6a549f, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b6a549f, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI2C2E~1.0_X")) returned 1 [0148.855] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.855] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.855] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.855] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Framework.1.6_1.6.24903.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdcbae159, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b6a549f, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b6a549f, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.855] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.855] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.855] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdcbae159, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b6a549f, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b6a549f, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.855] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.855] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.855] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b6a549f, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b6a549f, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b6a549f, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.855] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.855] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.856] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b6a549f, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b6a549f, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b6a549f, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.856] GetLastError () returned 0x12 [0148.856] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.856] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd5d0188, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xdd5d0188, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xdd5d0188, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIEBDA~1.0_X")) returned 1 [0148.856] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.856] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.856] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd5d0188, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xdd5d0188, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xdd5d0188, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.857] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.857] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.857] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd5d0188, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xdd5d0188, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xdd5d0188, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.857] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.857] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.857] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdd5d0188, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xdd5d0188, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xdd5d0188, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.857] GetLastError () returned 0x12 [0148.857] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.857] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xddf0d37b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xddf0d37b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xddf0d37b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cAlternateFileName="MIA018~1.0_X")) returned 1 [0148.857] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.857] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.858] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xddf0d37b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xddf0d37b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xddf0d37b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.858] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.858] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.858] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xddf0d37b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xddf0d37b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xddf0d37b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.858] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.858] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.858] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xddf0d37b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xddf0d37b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xddf0d37b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.858] GetLastError () returned 0x12 [0148.858] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.858] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde7b1c02, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8d0e22e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8d0e22e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI7399~1.0_X")) returned 1 [0148.858] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.858] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.859] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde7b1c02, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8d0e22e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8d0e22e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.859] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.859] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.859] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde7b1c02, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8d0e22e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8d0e22e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.859] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.859] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.859] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9da06111, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8d0e22e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8d0e22e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.859] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.859] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.859] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9da06111, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8d0e22e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8d0e22e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.859] GetLastError () returned 0x12 [0148.859] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.859] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf2463ca, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8c031cc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8c031cc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI38C6~1.0_X")) returned 1 [0148.860] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.860] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.860] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.1_1.1.23118.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf2463ca, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8c031cc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8c031cc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.860] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.860] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.860] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf2463ca, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xb8c031cc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8c031cc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.860] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.860] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.860] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d94752f, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8c031cc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8c031cc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.860] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.860] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.861] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d94752f, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xb8c031cc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xb8c031cc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.861] GetLastError () returned 0x12 [0148.861] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.861] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae2e7ae6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebd66076, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebd66076, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cAlternateFileName="MICROS~4.0_X")) returned 1 [0148.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.861] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae2e7ae6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebd66076, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebd66076, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.861] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.862] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.862] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xae2e7ae6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xebd66076, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebd66076, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.862] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.862] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.862] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebd66076, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xebd66076, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebd8c317, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.862] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.862] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.862] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebd66076, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xebd66076, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xebd8c317, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.862] GetLastError () returned 0x12 [0148.862] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.862] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad7ba9e8, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xeb913be8, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xeb913be8, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cAlternateFileName="MICROS~3.0_X")) returned 1 [0148.862] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.862] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.863] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad7ba9e8, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xeb913be8, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xeb913be8, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.863] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.863] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.863] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad7ba9e8, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xeb913be8, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xeb913be8, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.863] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.863] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.863] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb913be8, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xeb913be8, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xeb913be8, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.863] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.863] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.863] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb913be8, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xeb913be8, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xeb913be8, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.863] GetLastError () returned 0x12 [0148.863] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.863] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad0dfe61, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94ce5ec5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94ce5ec5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cAlternateFileName="MICROS~2.0_X")) returned 1 [0148.864] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.864] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.864] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad0dfe61, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94ce5ec5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94ce5ec5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0148.864] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.864] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.864] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xad0dfe61, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94ce5ec5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94ce5ec5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.864] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.864] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.864] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94ce5ec5, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x94ce5ec5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94ce5ec5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.864] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.865] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.865] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94ce5ec5, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x94ce5ec5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94ce5ec5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.865] GetLastError () returned 0x12 [0148.865] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0148.865] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaca2b3ac, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94bdae53, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94bdae53, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cAlternateFileName="MICROS~1.0_X")) returned 1 [0148.865] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.865] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.865] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaca2b3ac, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94bdae53, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94bdae53, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.866] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.866] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.866] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaca2b3ac, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x94bdae53, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94bdae53, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.867] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.867] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.867] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94bdae53, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x94bdae53, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94bdae53, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.867] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.867] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.867] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94bdae53, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x94bdae53, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x94bdae53, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.867] GetLastError () returned 0x12 [0148.867] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.867] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf9b990a, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b46914e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b46914e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIBE4A~1.0_X")) returned 1 [0148.867] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.867] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.868] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf9b990a, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b46914e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b46914e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.868] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.868] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.868] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf9b990a, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b46914e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b46914e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.868] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.868] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.868] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b46914e, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b46914e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b46914e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.868] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.868] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.869] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b46914e, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b46914e, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b46914e, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.869] GetLastError () returned 0x12 [0148.869] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.869] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe00ba7ea, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b527d0a, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b527d0a, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI7387~1.0_X")) returned 1 [0148.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.869] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.869] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.NET.Native.Runtime.1.6_1.6.24903.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe00ba7ea, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b527d0a, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b527d0a, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.869] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.870] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe00ba7ea, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8b527d0a, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b527d0a, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.870] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.870] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b527d0a, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b527d0a, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b527d0a, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.870] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.870] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.870] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b527d0a, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b527d0a, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b527d0a, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.870] GetLastError () returned 0x12 [0148.870] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.870] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8d980e9d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8d980e9d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI20CB~1.0_X")) returned 1 [0148.870] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.870] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.871] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.871] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8d980e9d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8d980e9d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0148.873] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.874] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.874] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8d980e9d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8d980e9d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.874] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.874] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.874] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1fb5782, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd2a7013d, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd2a7013d, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.874] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.874] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.874] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd1fdb9b6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd1fdb9b6, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd1fdb9b6, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.874] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.874] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.874] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd2001c2b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd2001c2b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd2001c2b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.875] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.875] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.875] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d980e9d, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8d980e9d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8d983584, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.875] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.875] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.875] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d980e9d, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8d980e9d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8d983584, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.875] GetLastError () returned 0x12 [0148.875] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0148.877] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd1eaa713, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd1eaa713, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MIAECB~1.0_N")) returned 1 [0148.877] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.877] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.877] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd1eaa713, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd1eaa713, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.878] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.878] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.878] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd1eaa713, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd1eaa713, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.878] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.878] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.878] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd1eaa713, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd1eaa713, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd1eaa713, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.878] GetLastError () returned 0x12 [0148.878] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.878] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe446155c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xd6fca002, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd6fca002, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI4126~1.0_X")) returned 1 [0148.878] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.878] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.878] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe446155c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xd6fca002, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd6fca002, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.883] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.883] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.883] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe446155c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xd6fca002, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd6fca002, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.883] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.883] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.883] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45200be, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe470ff6d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe470ff6d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.883] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.883] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.883] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe456c579, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe456c579, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe456c579, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.883] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.883] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.884] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe456c579, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe456c579, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe456c579, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.884] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.884] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.884] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6fca002, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd6fca002, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd6fca002, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xaf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.884] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.884] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.884] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6fca002, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd6fca002, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd6fca002, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xaf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.884] GetLastError () returned 0x12 [0148.884] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.886] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe443b29c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc01e39d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe443b29c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI01E4~1.0_N")) returned 1 [0148.886] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.886] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.886] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe443b29c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc01e39d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe443b29c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0148.887] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.887] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.887] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe443b29c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc01e39d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe443b29c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.887] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.887] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.887] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe443b29c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xc01e39d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe443b29c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.887] GetLastError () returned 0x12 [0148.887] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0148.887] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cAlternateFileName="MI4988~1.SCA")) returned 1 [0148.887] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.887] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.887] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.887] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.888] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.888] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.888] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.888] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.888] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0148.890] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.890] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.891] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.891] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.891] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.891] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f65c81, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.891] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.891] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.891] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f65c81, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.891] GetLastError () returned 0x12 [0148.891] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0148.891] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd45db281, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd45db281, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cAlternateFileName="MI8808~1.SCA")) returned 1 [0148.891] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.891] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.892] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd45db281, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd45db281, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.892] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.892] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.892] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd45db281, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd45db281, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.892] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.892] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.893] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd45db281, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd45db281, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.893] GetLastError () returned 0x12 [0148.893] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.893] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45b50fc, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc01e61aa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd45b50fc, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI2A4A~1.0_N")) returned 1 [0148.979] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.979] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.979] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45b50fc, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc01e61aa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd45b50fc, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.980] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.980] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.980] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45b50fc, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc01e61aa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd45b50fc, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.980] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.980] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.980] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45b50fc, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc01e61aa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd45b50fc, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.980] GetLastError () returned 0x12 [0148.980] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.981] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI5B43~1.0_X")) returned 1 [0148.981] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.981] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.981] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.983] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.983] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.983] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd45db281, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.983] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.983] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.983] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4673bd2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd47a4ead, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd47a4ead, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.983] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.983] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivationStore.dat", cchCount2=8) returned 1 [0148.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivationStore.dat", cchCount2=4) returned 1 [0148.984] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd4699f34, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd4699f34, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd4699f34, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.984] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.984] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.984] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd4699f34, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd4699f34, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd4699f34, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.984] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.984] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.984] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f65c81, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1718, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.984] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.984] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.985] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5f65c81, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd5f65c81, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd5f65c81, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1718, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.985] GetLastError () returned 0x12 [0148.985] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.986] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd4774ad5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd4774ad5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe", cAlternateFileName="MI155A~1.SCA")) returned 1 [0148.986] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.986] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.986] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.986] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=4) returned 1 [0148.986] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe", cchCount2=8) returned 1 [0148.986] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd4774ad5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd4774ad5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0148.987] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.987] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.987] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd4774ad5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd4774ad5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.987] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.987] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.987] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4774ad5, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd4774ad5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd4774ad5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x39c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.987] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.987] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.988] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4774ad5, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd4774ad5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd4774ad5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x39c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.988] GetLastError () returned 0x12 [0148.988] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0148.988] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc028b533, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.People_10.1.10531.0_neutral_split.scale-125_8wekyb3d8bbwe", cAlternateFileName="MIBC36~1.SCA")) returned 1 [0148.988] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.988] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.988] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.People_10.1.10531.0_neutral_split.scale-125_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc028b533, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.988] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.988] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.988] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc028b533, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.989] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.989] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.989] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc028b533, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.989] GetLastError () returned 0x12 [0148.989] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.989] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd479abb2, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd479abb2, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI698D~1.0_X")) returned 1 [0148.989] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.989] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.989] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd479abb2, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd479abb2, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.992] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.992] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.993] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd479abb2, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd479abb2, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.993] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.993] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.993] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd629d8ff, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd641b08f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd641b08f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0148.993] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.993] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.993] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd6310016, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd6310016, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd6310016, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0148.993] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.993] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.993] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xd6310016, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd6310016, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd6310016, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0148.993] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.993] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.993] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd479abb2, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd479abb2, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd479abb2, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x16a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0148.993] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.994] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.994] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd479abb2, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd479abb2, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd479abb2, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x16a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0148.994] GetLastError () returned 0x12 [0148.994] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0148.995] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd61ded48, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.People_2017.222.1920.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI86E0~1.0_N")) returned 1 [0148.995] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.995] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.995] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.People_2017.222.1920.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd61ded48, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0148.996] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.996] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.996] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd61ded48, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.996] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0148.996] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.996] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd61ded48, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd61ded48, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xd61ded48, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0148.996] GetLastError () returned 0x12 [0148.996] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0148.996] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e18f7b2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7f85fbfd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7f85fbfd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI5A4E~1.0_N")) returned 1 [0148.996] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0148.996] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0148.996] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e18f7b2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7f85fbfd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7f85fbfd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0148.999] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0148.999] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0148.999] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e18f7b2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7f85fbfd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7f85fbfd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0148.999] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.000] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.000] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e3a57cf, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9e523003, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9e523003, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.000] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.000] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.000] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9e3f1dd7, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9e3f1dd7, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9e3f1dd7, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.000] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.000] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.000] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9e3f1dd7, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9e3f1dd7, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9e3f1dd7, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.000] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.000] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.000] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f85fbfd, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x7f85fbfd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7f85fbfd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x6e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.000] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.000] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.000] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f85fbfd, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x7f85fbfd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7f85fbfd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x6e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.000] GetLastError () returned 0x12 [0149.001] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.002] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51581cf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89c1f221, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x89c1f221, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Services.Store.Engagement_10.0.1706.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI4486~1.0_X")) returned 1 [0149.002] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.002] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.002] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Services.Store.Engagement_10.0.1706.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51581cf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89c1f221, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b121dc6, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.004] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.004] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.004] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe51581cf, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89c1f221, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b121dc6, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.004] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.004] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.004] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe51ca8ff, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89d03f94, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x89d03f94, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.004] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.005] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.005] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe51f0b80, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe51f0b80, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe51f0b80, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.005] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.005] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.005] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe51f0b80, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe51f0b80, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe51f0b80, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.005] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.005] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.005] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b121dc6, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b121dc6, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b121dc6, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.005] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.005] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.005] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b121dc6, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b121dc6, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b121dc6, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.005] GetLastError () returned 0x12 [0149.005] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.007] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe593dec1, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89d766a5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x89d766a5, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Services.Store.Engagement_10.0.1706.0_x86__8wekyb3d8bbwe", cAlternateFileName="MI9817~1.0_X")) returned 1 [0149.007] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.007] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.007] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Services.Store.Engagement_10.0.1706.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe593dec1, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89d766a5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b2eb9cf, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.010] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.010] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.010] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe593dec1, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89d766a5, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b2eb9cf, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.010] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.010] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.010] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe59b05d5, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x89e81739, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x89e81739, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.010] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.010] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.010] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe59d699a, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe59d699a, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe59d699a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.010] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.010] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.010] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe59d699a, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe59d699a, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe59d699a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.010] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.011] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.011] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b2eb9cf, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b2eb9cf, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b2eb9cf, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.011] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.011] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.011] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b2eb9cf, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x8b2eb9cf, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x8b2eb9cf, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.011] GetLastError () returned 0x12 [0149.011] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.012] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e698d0, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e698d0, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-100_kzf8qxf38zg5c", cAlternateFileName="MI66C7~1.SCA")) returned 1 [0149.012] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.012] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.012] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-100_kzf8qxf38zg5c\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e698d0, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e698d0, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0149.013] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.013] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e698d0, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e698d0, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.013] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.013] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88e698d0, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x88e698d0, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e698d0, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.013] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.013] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.013] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88e698d0, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x88e698d0, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e698d0, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.014] GetLastError () returned 0x12 [0149.014] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.014] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdba3c24b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdba3c24b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c", cAlternateFileName="MIFA2C~1.SCA")) returned 1 [0149.014] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.014] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.014] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdba3c24b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdba3c24b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.014] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.014] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.014] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdba3c24b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdba3c24b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.014] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.014] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.014] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba3c24b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdba3c24b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdba3c24b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.015] GetLastError () returned 0x12 [0149.015] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.015] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb9efd9f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc0491dfe, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xdb9efd9f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_11.8.204.0_neutral_~_kzf8qxf38zg5c", cAlternateFileName="MI29A2~1.0_N")) returned 1 [0149.015] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.015] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.SkypeApp_11.8.204.0_neutral_~_kzf8qxf38zg5c\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb9efd9f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc0491dfe, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xdb9efd9f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0149.015] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.015] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.015] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb9efd9f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc0491dfe, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xdb9efd9f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.016] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.016] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.016] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdb9efd9f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc0491dfe, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xdb9efd9f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.016] GetLastError () returned 0x12 [0149.016] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.016] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba15ff2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e8fb16, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e8fb16, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c", cAlternateFileName="MIC69C~1.0_X")) returned 1 [0149.016] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.016] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.016] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba15ff2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e8fb16, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e8fb16, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.016] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.016] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.016] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdba15ff2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88e8fb16, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e8fb16, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.016] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.016] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.017] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbb6d4f6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x665f07f5, ftLastAccessTime.dwHighDateTime=0x1d6084c, ftLastWriteTime.dwLowDateTime=0xded0c5f6, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.017] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.017] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.017] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xdddd9685, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdddd9685, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdddd9685, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.017] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.017] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.017] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xdddd9685, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdddd9685, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdddd9685, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.017] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.017] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.017] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88e8fb16, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x88e8fb16, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e8fb16, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1764, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.017] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.017] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.017] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88e8fb16, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x88e8fb16, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x88e8fb16, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1764, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.018] GetLastError () returned 0x12 [0149.018] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.018] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfec7dad, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd32e43bc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd32e43bc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIC910~1.0_X")) returned 1 [0149.018] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.018] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.018] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfec7dad, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd32e43bc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd32e43bc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0149.134] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.134] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.134] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfec7dad, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd32e43bc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd32e43bc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.134] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.134] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.134] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdffacb9d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xe0176941, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe0176941, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.134] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.134] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.135] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xdfff91bb, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfff91bb, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfff91bb, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.135] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.135] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.135] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xdfff91bb, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfff91bb, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfff91bb, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.135] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.135] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.135] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd32e43bc, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd32e43bc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd32e43bc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xde8, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.135] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.135] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.135] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd32e43bc, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xd32e43bc, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xd32e43bc, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xde8, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.136] GetLastError () returned 0x12 [0149.136] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.137] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfea1b47, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfea1b47, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfea1b47, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.StorePurchaseApp_1.0.454.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MI3F66~1.0_N")) returned 1 [0149.137] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.137] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.137] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.StorePurchaseApp_1.0.454.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfea1b47, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfea1b47, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfea1b47, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.137] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.137] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.137] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfea1b47, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfea1b47, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfea1b47, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.137] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.137] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.137] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdfea1b47, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdfea1b47, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xdfea1b47, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.137] GetLastError () returned 0x12 [0149.138] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.138] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe61701d5, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe61701d5, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe61701d5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe", cAlternateFileName="MICROS~1.1_X")) returned 1 [0149.138] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.138] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.138] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe61701d5, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe61701d5, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe61701d5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.138] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.138] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.138] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe61701d5, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe61701d5, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe61701d5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.138] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.138] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.138] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe61701d5, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe61701d5, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe61701d5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.139] GetLastError () returned 0x12 [0149.139] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.139] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68e376c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe68e376c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe68e376c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe", cAlternateFileName="MICROS~2.1_X")) returned 1 [0149.139] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.139] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.139] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.VCLibs.120.00_12.0.21005.1_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68e376c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe68e376c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe68e376c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.139] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.139] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.139] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68e376c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe68e376c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe68e376c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.139] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.139] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.139] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe68e376c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xe68e376c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe68e376c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.139] GetLastError () returned 0x12 [0149.140] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.140] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb13a1d82, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec440c88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec440c88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI72FF~1.0_X")) returned 1 [0149.140] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.140] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.140] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb13a1d82, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec440c88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec440c88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.140] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.140] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.140] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb13a1d82, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec440c88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec440c88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.140] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.140] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.140] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec440c88, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec440c88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec440c88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.140] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.140] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.141] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec440c88, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec440c88, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec440c88, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.141] GetLastError () returned 0x12 [0149.141] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.141] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0d397aa, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec2c34ed, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec2c34ed, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe", cAlternateFileName="MIA7C9~1.0_X")) returned 1 [0149.141] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.141] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.141] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0d397aa, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec2c34ed, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec2c34ed, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.141] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.141] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.141] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0d397aa, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xec2c34ed, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec2c34ed, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.141] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.141] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.141] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec2c34ed, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec2c34ed, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec2c34ed, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.141] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.141] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.142] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec2c34ed, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xec2c34ed, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xec2c34ed, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x4b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.142] GetLastError () returned 0x12 [0149.142] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.142] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe095c50f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc055a1a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe095c50f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MIB6B3~1.0_N")) returned 1 [0149.145] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.146] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.146] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe095c50f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc055a1a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe095c50f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.147] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.147] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.147] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe095c50f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc055a1a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe095c50f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.147] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.147] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.147] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe095c50f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xc055a1a9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe095c50f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0149.147] GetLastError () returned 0x12 [0149.147] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.147] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe09a894e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb5aaf36, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xcb5aaf36, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe", cAlternateFileName="MIF132~1.0_X")) returned 1 [0149.147] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.147] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.147] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe09a894e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb5aaf36, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xcb5aaf36, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.150] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.150] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.150] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe09a894e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xcb5aaf36, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xcb5aaf36, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.150] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.150] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.150] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0a67562, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xfd7a94e9, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xe0be4ebe, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.150] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.150] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.150] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe0ab3afa, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xe0ab3afa, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe0ab3afa, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.151] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.151] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.151] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe0ab3afa, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xe0ab3afa, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe0ab3afa, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.151] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.151] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.151] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb5aaf36, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xcb5aaf36, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xcb5aaf36, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1678, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.151] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.151] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.151] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb5aaf36, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xcb5aaf36, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0xcb5aaf36, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x1678, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.151] GetLastError () returned 0x12 [0149.151] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.152] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ec964f4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x776231fd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x776231fd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MIFC10~1.0_N")) returned 1 [0149.152] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.152] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.152] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ec964f4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x776231fd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x776231fd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.155] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.155] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.155] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9ec964f4, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x776231fd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x776231fd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.155] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.155] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.155] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9eda16ee, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9ef450a8, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9ef450a8, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.155] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.155] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.155] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9ededc4b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9ededc4b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9ededc4b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.155] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.155] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.156] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9ededc4b, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9ededc4b, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9ededc4b, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.156] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.156] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.156] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x776231fd, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x776231fd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x776231fd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.156] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.156] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.156] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x776231fd, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x776231fd, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x776231fd, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.156] GetLastError () returned 0x12 [0149.156] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.157] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f61fb9d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x797aa353, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x797aa353, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI189A~1.0_N")) returned 1 [0149.157] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.157] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.157] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f61fb9d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x797aa353, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x797aa353, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.160] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0149.160] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.160] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9f61fb9d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x797aa353, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x797aa353, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0149.160] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.160] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.160] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f750ea6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9f8a8638, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9f8a8638, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat", cAlternateFileName="ACTIVA~1.DAT")) returned 1 [0149.160] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.160] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.160] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9f777249, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9f777249, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9f777249, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.160] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.160] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.160] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9f777249, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x9f777249, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x9f777249, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG2", cAlternateFileName="ACTIVA~2.LOG")) returned 1 [0149.160] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.160] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.160] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x797aa353, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x797aa353, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x797aa353, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xb20, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 1 [0149.161] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0149.161] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0149.161] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x797aa353, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x797aa353, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x797aa353, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0xb20, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000.pckgdep", cAlternateFileName="S-1-5-~1.PCK")) returned 0 [0149.161] GetLastError () returned 0x12 [0149.161] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.162] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa00da580, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd0700f1a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xd0700f1a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI4E4E~1.0_N")) returned 1 [0149.162] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0149.162] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0149.162] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa00da580, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xd0700f1a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xd0700f1a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0149.166] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xa03168d6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xa03168d6, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xa03168d6, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivationStore.dat.LOG1", cAlternateFileName="ACTIVA~1.LOG")) returned 1 [0149.167] GetLastError () returned 0x12 [0149.167] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.168] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa0c9ff75, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xde2cc116, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xde2cc116, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MIBE4E~1.0_N")) returned 1 [0149.172] GetLastError () returned 0x12 [0149.172] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.172] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1d2a57c, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xdaf16fdd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xdaf16fdd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MICROS~1.150")) returned 1 [0149.173] GetLastError () returned 0x12 [0149.173] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.173] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa386f4f0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x760154c8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x760154c8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI98FA~1.0_N")) returned 1 [0149.305] GetLastError () returned 0x12 [0149.305] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.306] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45660e6, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7563f958, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7563f958, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MIC120~1.0_N")) returned 1 [0149.309] GetLastError () returned 0x12 [0149.309] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.310] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa4f880f2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x74d289a8, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x74d289a8, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy", cAlternateFileName="MI7DAE~1.0_N")) returned 1 [0149.313] GetLastError () returned 0x12 [0149.313] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.315] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa5852c86, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x74306979, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x74306979, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy", cAlternateFileName="MID492~1.0_N")) returned 1 [0149.318] GetLastError () returned 0x12 [0149.318] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.320] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa64185cf, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7365c142, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x7365c142, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI6FCD~1.0_N")) returned 1 [0149.322] GetLastError () returned 0x12 [0149.322] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.324] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe8ca3fa7, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xecaaa968, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xecaaa968, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe", cAlternateFileName="MI10C6~1.SCA")) returned 1 [0149.324] GetLastError () returned 0x12 [0149.324] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0149.324] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe8c7dd6a, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xecacf438, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xecacf438, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe", cAlternateFileName="MI0911~1.0_X")) returned 1 [0149.327] GetLastError () returned 0x12 [0149.327] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.328] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe8c7dd6a, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0xe8c7dd6a, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe8c7dd6a, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe", cAlternateFileName="MIC62C~1.0_N")) returned 1 [0149.328] GetLastError () returned 0x12 [0149.328] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.328] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6ce32a0, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x729d7d0b, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x729d7d0b, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy", cAlternateFileName="MI3009~1.0_N")) returned 1 [0149.331] GetLastError () returned 0x12 [0149.331] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.332] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7587b30, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x70f9dce6, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x70f9dce6, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy", cAlternateFileName="MI2456~1.0_N")) returned 1 [0149.335] GetLastError () returned 0x12 [0149.335] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.336] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7db9b26, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x70496e96, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x70496e96, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.Windows.SecureAssessmentBrowser_10.0.15063.0_neutral_neutral_cw5n1h2txyewy", cAlternateFileName="MI829F~1.0_N")) returned 1 [0149.342] GetLastError () returned 0x12 [0149.342] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.344] GetLastError () returned 0x12 [0149.344] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.460] GetLastError () returned 0x12 [0149.461] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.462] GetLastError () returned 0x12 [0149.462] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.463] GetLastError () returned 0x12 [0149.463] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.463] GetLastError () returned 0x12 [0149.463] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.464] GetLastError () returned 0x12 [0149.464] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.465] GetLastError () returned 0x12 [0149.465] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0149.465] GetLastError () returned 0x12 [0149.465] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.468] GetLastError () returned 0x12 [0149.468] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.470] GetLastError () returned 0x12 [0149.470] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.471] GetLastError () returned 0x12 [0149.471] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.569] GetLastError () returned 0x12 [0149.570] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0149.571] GetLastError () returned 0x12 [0149.571] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.572] GetLastError () returned 0x12 [0149.572] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.573] GetLastError () returned 0x12 [0149.573] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.573] GetLastError () returned 0x12 [0149.573] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.577] GetLastError () returned 0x12 [0149.577] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.579] GetLastError () returned 0x12 [0149.579] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.582] GetLastError () returned 0x12 [0149.582] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.582] GetLastError () returned 0x12 [0149.582] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.582] GetLastError () returned 0x12 [0149.582] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.586] GetLastError () returned 0x12 [0149.586] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.591] GetLastError () returned 0x12 [0149.591] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.593] GetLastError () returned 0x12 [0149.593] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0149.696] GetLastError () returned 0x12 [0149.696] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.697] GetLastError () returned 0x12 [0149.697] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.700] GetLastError () returned 0x12 [0149.700] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.702] GetLastError () returned 0x12 [0149.702] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0149.703] GetLastError () returned 0x12 [0149.703] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.706] GetLastError () returned 0x12 [0149.706] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.708] GetLastError () returned 0x12 [0149.708] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.709] GetLastError () returned 0x12 [0149.709] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.710] GetLastError () returned 0x12 [0149.710] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.714] GetLastError () returned 0x12 [0149.714] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.717] GetLastError () returned 0x12 [0149.717] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.720] GetLastError () returned 0x12 [0149.720] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.722] GetLastError () returned 0x12 [0149.722] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.722] GetLastError () returned 0x12 [0149.722] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.725] GetLastError () returned 0x12 [0149.725] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.728] GetLastError () returned 0x12 [0149.728] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.730] GetLastError () returned 0x12 [0149.730] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.731] GetLastError () returned 0x12 [0149.731] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.731] GetLastError () returned 0x12 [0149.731] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.733] GetLastError () returned 0x12 [0149.733] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.735] GetLastError () returned 0x12 [0149.735] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.735] GetLastError () returned 0x12 [0149.735] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0149.735] GetLastError () returned 0x12 [0149.735] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.926] GetLastError () returned 0x12 [0149.926] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.928] GetLastError () returned 0x12 [0149.928] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.946] GetLastError () returned 0x12 [0149.946] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.948] GetLastError () returned 0x12 [0149.948] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.948] GetLastError () returned 0x12 [0149.948] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0149.951] GetLastError () returned 0x12 [0149.951] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.952] GetLastError () returned 0x12 [0149.952] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.955] GetLastError () returned 0x12 [0149.955] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.956] GetLastError () returned 0x12 [0149.956] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0149.960] GetLastError () returned 0x12 [0149.960] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0150.092] GetLastError () returned 0x12 [0150.092] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0150.451] GetLastError () returned 0x12 [0150.451] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.452] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.devicesflow_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.453] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0150.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0150.454] GetLastError () returned 0x12 [0150.454] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AppxProvisioning.xml", cchCount2=8) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppxProvisioning.xml", cchCount2=4) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AppxProvisioning.xml", cchCount2=8) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppxProvisioning.xml", cchCount2=4) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="AppxProvisioning.xml", cchCount2=8) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="AppxProvisioning.xml", cchCount2=4) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Caches", cchCount2=4) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Caches", cchCount2=4) returned 1 [0150.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Caches", cchCount2=4) returned 1 [0150.455] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e238740, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xf60bd162, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf60bd162, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.457] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.457] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.457] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.457] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.457] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.457] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.458] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.458] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.458] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.458] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.458] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.459] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.459] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.506] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf60bd162, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xf60bd162, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf60bd162, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x46070, dwReserved0=0x0, dwReserved1=0x0, cFileName="{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db", cAlternateFileName="{6AF06~2.DB")) returned 1 [0150.507] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.507] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.507] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40c77eb7, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0x40c77eb7, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0x40c77eb7, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x418, dwReserved0=0x0, dwReserved1=0x0, cFileName="{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000001.db", cAlternateFileName="{7BF8D~1.DB")) returned 1 [0150.507] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.507] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.507] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6070dbf, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xf6070dbf, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf6070dbf, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x418, dwReserved0=0x0, dwReserved1=0x0, cFileName="{7BF8DBD1-8EE0-446A-8D07-1D22E4418D9A}.2.ver0x0000000000000002.db", cAlternateFileName="{7BF8D~2.DB")) returned 1 [0150.507] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.507] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.507] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb2480d2, ftCreationTime.dwHighDateTime=0x1d327c9, ftLastAccessTime.dwLowDateTime=0xcb2480d2, ftLastAccessTime.dwHighDateTime=0x1d327c9, ftLastWriteTime.dwLowDateTime=0xcb2480d2, ftLastWriteTime.dwHighDateTime=0x1d327c9, nFileSizeHigh=0x0, nFileSizeLow=0x418, dwReserved0=0x0, dwReserved1=0x0, cFileName="{9961E15C-3F61-4FA0-9F93-F635907C374B}.2.ver0x0000000000000001.db", cAlternateFileName="{9961E~1.DB")) returned 1 [0150.507] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.507] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.507] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb1632b4, ftCreationTime.dwHighDateTime=0x1d327c9, ftLastAccessTime.dwLowDateTime=0xcb1632b4, ftLastAccessTime.dwHighDateTime=0x1d327c9, ftLastWriteTime.dwLowDateTime=0xcb1632b4, ftLastWriteTime.dwHighDateTime=0x1d327c9, nFileSizeHigh=0x0, nFileSizeLow=0x4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B8C80385-EAD5-4543-9080-86ADA8E81DD5}.2.ver0x0000000000000001.db", cAlternateFileName="{B8C80~1.DB")) returned 1 [0150.508] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.508] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.508] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e2f731c, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6e2f731c, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6e2f731c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x913d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", cAlternateFileName="{DDF57~1.DB")) returned 1 [0150.508] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.508] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.508] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35698620, ftCreationTime.dwHighDateTime=0x1d32747, ftLastAccessTime.dwLowDateTime=0x35698620, ftLastAccessTime.dwHighDateTime=0x1d32747, ftLastWriteTime.dwLowDateTime=0x35698620, ftLastWriteTime.dwHighDateTime=0x1d32747, nFileSizeHigh=0x0, nFileSizeLow=0x4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{E14796D4-F769-4AA4-85DC-E9FFE52AEEB4}.2.ver0x0000000000000001.db", cAlternateFileName="{E1479~1.DB")) returned 1 [0150.508] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.508] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.508] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35698620, ftCreationTime.dwHighDateTime=0x1d32747, ftLastAccessTime.dwLowDateTime=0x35698620, ftLastAccessTime.dwHighDateTime=0x1d32747, ftLastWriteTime.dwLowDateTime=0x35698620, ftLastWriteTime.dwHighDateTime=0x1d32747, nFileSizeHigh=0x0, nFileSizeLow=0x4c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{E14796D4-F769-4AA4-85DC-E9FFE52AEEB4}.2.ver0x0000000000000001.db", cAlternateFileName="{E1479~1.DB")) returned 0 [0150.508] GetLastError () returned 0x12 [0150.508] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.509] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7dc6c35, ftLastAccessTime.dwHighDateTime=0x1d5d806, ftLastWriteTime.dwLowDateTime=0x7dc6c35, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ClipSVC", cAlternateFileName="")) returned 1 [0150.509] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.509] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.509] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClipSVC", cchCount2=4) returned 1 [0150.509] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClipSVC", cchCount2=4) returned 1 [0150.509] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ClipSVC", cchCount2=4) returned 1 [0150.509] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7dc6c35, ftLastAccessTime.dwHighDateTime=0x1d5d806, ftLastWriteTime.dwLowDateTime=0x7dc6c35, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0150.512] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.512] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.512] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x7dc6c35, ftLastAccessTime.dwHighDateTime=0x1d5d806, ftLastWriteTime.dwLowDateTime=0x7dc6c35, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.512] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.512] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.512] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17cbb4ff, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Archive", cAlternateFileName="")) returned 1 [0150.512] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.513] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Archive", cchCount2=4) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Archive", cchCount2=4) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Archive", cchCount2=4) returned 1 [0150.513] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17cbb4ff, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x7d7457cd, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.513] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.513] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.513] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x17cbb4ff, ftLastAccessTime.dwHighDateTime=0x1d2a02b, ftLastWriteTime.dwLowDateTime=0x7d7457cd, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.513] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.513] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.513] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7457cd, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x1302615f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x1302615f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0150.513] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.513] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Apps", cchCount2=4) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Apps", cchCount2=4) returned 1 [0150.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Apps", cchCount2=4) returned 1 [0150.513] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7457cd, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x1302615f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x1302615f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0150.516] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.516] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.516] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7457cd, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x1302615f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x1302615f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.517] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.517] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.517] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9246834, ftCreationTime.dwHighDateTime=0x1d336d6, ftLastAccessTime.dwLowDateTime=0xd9246834, ftLastAccessTime.dwHighDateTime=0x1d336d6, ftLastWriteTime.dwLowDateTime=0x11f29520, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x0, cFileName="02305155-8ac1-1189-ff55-b7119a53887c.xml", cAlternateFileName="023051~1.XML")) returned 1 [0150.517] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.517] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.517] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=8) returned 1 [0150.517] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=4) returned 1 [0150.517] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=8) returned 1 [0150.517] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=4) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="02305155-8ac1-1189-ff55-b7119a53887c.xml", cchCount2=4) returned 1 [0150.518] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb8bd085, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xfb8bd085, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xfb8bd085, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc97, dwReserved0=0x0, dwReserved1=0x0, cFileName="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cAlternateFileName="03F897~1.XML")) returned 1 [0150.518] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.518] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0150.518] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdc841a, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xcdc841a, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xcdc841a, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc81, dwReserved0=0x0, dwReserved1=0x0, cFileName="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cAlternateFileName="0890AD~1.XML")) returned 1 [0150.518] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.518] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0150.518] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f2c2ce9, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f2c2ce9, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xe4e92946, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xaea, dwReserved0=0x0, dwReserved1=0x0, cFileName="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cAlternateFileName="08961E~1.XML")) returned 1 [0150.518] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.518] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.518] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0150.519] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e6060f7, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e6060f7, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe698b3f0, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa46, dwReserved0=0x0, dwReserved1=0x0, cFileName="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cAlternateFileName="0A8C14~1.XML")) returned 1 [0150.519] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.519] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0150.519] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7956cf0, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe7956cf0, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe7956cf0, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xad9, dwReserved0=0x0, dwReserved1=0x0, cFileName="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cAlternateFileName="0CB4EF~1.XML")) returned 1 [0150.519] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.519] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=4) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=8) returned 1 [0150.519] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml", cchCount2=4) returned 1 [0150.519] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4548ff6, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x4548ff6, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x4548ff6, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cAlternateFileName="13BA87~1.XML")) returned 1 [0150.519] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.520] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=4) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=4) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml", cchCount2=4) returned 1 [0150.520] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea7cb078, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xea7cb078, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xea7cb078, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xdd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cAlternateFileName="1659A2~1.XML")) returned 1 [0150.520] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.520] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0150.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0150.520] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec7331f5, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xec7331f5, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xec759452, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x0, cFileName="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cAlternateFileName="1DAE14~1.XML")) returned 1 [0150.520] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.520] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0150.521] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e20015d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e20015d, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe8863ab4, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cAlternateFileName="1E2259~1.XML")) returned 1 [0150.521] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.521] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0150.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0150.521] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dedefe5, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dedefe5, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xe98259ba, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xade, dwReserved0=0x0, dwReserved1=0x0, cFileName="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cAlternateFileName="215F97~1.XML")) returned 1 [0150.521] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.573] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.573] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0150.574] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8863ab4, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe8863ab4, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe8863ab4, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cAlternateFileName="2657F7~1.XML")) returned 1 [0150.574] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.574] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2657f7c0-8294-58c3-f394-15fe18ba174a.xml", cchCount2=4) returned 1 [0150.574] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf91532c3, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf91532c3, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf91532c3, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc77, dwReserved0=0x0, dwReserved1=0x0, cFileName="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cAlternateFileName="26943E~1.XML")) returned 1 [0150.574] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.574] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=4) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=8) returned 1 [0150.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="26943e1f-42ed-f190-2895-3bc2b8c4176d.xml", cchCount2=4) returned 1 [0150.575] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd7eb90, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xfd7eb90, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xfd7eb90, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xddd, dwReserved0=0x0, dwReserved1=0x0, cFileName="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cAlternateFileName="280B97~1.XML")) returned 1 [0150.575] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.575] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=4) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=4) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="280b97f1-1f94-1458-c842-d18e2d1e05f9.xml", cchCount2=4) returned 1 [0150.575] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ddd3f7c, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7ddd3f7c, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xea7cb078, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xae5, dwReserved0=0x0, dwReserved1=0x0, cFileName="28502d06-9d29-8514-1e5d-64447116d798.xml", cAlternateFileName="28502D~1.XML")) returned 1 [0150.575] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.575] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=4) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=4) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=8) returned 1 [0150.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28502d06-9d29-8514-1e5d-64447116d798.xml", cchCount2=4) returned 1 [0150.575] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dcef153, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dcef153, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xeb796a75, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cAlternateFileName="287483~1.XML")) returned 1 [0150.575] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.575] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=8) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=4) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=8) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=4) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=8) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="28748306-9f02-a5d7-6ded-4459fddadc31.xml", cchCount2=4) returned 1 [0150.576] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d7457cd, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d7457cd, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xec759452, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa45, dwReserved0=0x0, dwReserved1=0x0, cFileName="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cAlternateFileName="2A3ADC~1.XML")) returned 1 [0150.576] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.576] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=8) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=4) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=8) returned 1 [0150.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=4) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml", cchCount2=4) returned 1 [0150.577] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee1b4b95, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xee1b4b95, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xee1b4b95, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa47, dwReserved0=0x0, dwReserved1=0x0, cFileName="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cAlternateFileName="2CB494~1.XML")) returned 1 [0150.577] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.577] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=4) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=4) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="2cb4947b-9a24-70fc-387f-98cfa7cd7461.xml", cchCount2=4) returned 1 [0150.577] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23d0cfd, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x23d0cfd, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x23d0cfd, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xdb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cAlternateFileName="38AE35~1.XML")) returned 1 [0150.577] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.577] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=4) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=4) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="38ae356e-4b11-78bd-6f1e-d1fbd81b826a.xml", cchCount2=4) returned 1 [0150.577] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcb5d6de, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xfcb5d6de, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xfcb5d6de, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xca8, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cAlternateFileName="3BEF1B~1.XML")) returned 1 [0150.577] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.577] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=8) returned 1 [0150.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3bef1b80-1939-62a0-48e8-4b25b157e940.xml", cchCount2=4) returned 1 [0150.578] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10e9efd0, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x10e9efd0, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x10e9efd0, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cAlternateFileName="3C8C7E~1.XML")) returned 1 [0150.578] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.578] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml", cchCount2=4) returned 1 [0150.578] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee1688d1, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xee1688d1, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xee1688d1, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x0, cFileName="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cAlternateFileName="3D4098~1.XML")) returned 1 [0150.578] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.578] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=4) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=8) returned 1 [0150.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3d4098b6-679e-0d7e-f478-ee96ebcb42ff.xml", cchCount2=4) returned 1 [0150.578] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f73b48e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f73b48e, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f8201b4, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0xfc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cAlternateFileName="3E260C~1.XML")) returned 1 [0150.582] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.582] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=4) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=4) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3e260c8e-54e8-d0b9-02ab-2d0faa9743f8.xml", cchCount2=4) returned 1 [0150.582] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf116af2a, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf116af2a, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf116af2a, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc98, dwReserved0=0x0, dwReserved1=0x0, cFileName="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cAlternateFileName="3EBDB8~1.XML")) returned 1 [0150.582] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.582] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=4) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=4) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=8) returned 1 [0150.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="3ebdb897-991b-934f-ee13-2ca21ed81938.xml", cchCount2=4) returned 1 [0150.582] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe97ff772, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe97ff772, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe97ff772, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc87, dwReserved0=0x0, dwReserved1=0x0, cFileName="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cAlternateFileName="41A635~1.XML")) returned 1 [0150.582] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.582] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="41a63518-8ec4-f58c-c5ed-313ea0fb2820.xml", cchCount2=4) returned 1 [0150.583] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56b836c, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x56b836c, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x56b836c, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xdb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cAlternateFileName="46A9B6~1.XML")) returned 1 [0150.583] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.583] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="46a9b648-161a-6393-bdaf-a6ccb77a570d.xml", cchCount2=4) returned 1 [0150.583] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf014be5b, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf014be5b, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf014be5b, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa47, dwReserved0=0x0, dwReserved1=0x0, cFileName="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cAlternateFileName="4AD5B3~1.XML")) returned 1 [0150.583] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.583] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=4) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=8) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4ad5b311-485b-15cc-97e9-9adb84427d7b.xml", cchCount2=4) returned 1 [0150.583] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed5f72a, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xed5f72a, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xed5f72a, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc81, dwReserved0=0x0, dwReserved1=0x0, cFileName="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cAlternateFileName="4C4ECB~1.XML")) returned 1 [0150.583] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.583] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml", cchCount2=4) returned 1 [0150.584] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d7de131, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d7de131, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xf17ba2b8, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa68, dwReserved0=0x0, dwReserved1=0x0, cFileName="517cfcaf-138b-1796-2cea-62892204250a.xml", cAlternateFileName="517CFC~1.XML")) returned 1 [0150.584] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.584] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="517cfcaf-138b-1796-2cea-62892204250a.xml", cchCount2=4) returned 1 [0150.584] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf286a9f1, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf286a9f1, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf286a9f1, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa41, dwReserved0=0x0, dwReserved1=0x0, cFileName="5390be10-79b5-dc50-bb32-91842c76e607.xml", cAlternateFileName="5390BE~1.XML")) returned 1 [0150.584] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.584] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5390be10-79b5-dc50-bb32-91842c76e607.xml", cchCount2=4) returned 1 [0150.584] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf385c53a, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf385c53a, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf385c53a, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cAlternateFileName="54A30A~1.XML")) returned 1 [0150.584] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.584] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=8) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=4) returned 1 [0150.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="54a30ac2-1ccf-60a8-6672-380af6008f3d.xml", cchCount2=4) returned 1 [0150.585] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf388279b, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf388279b, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf388279b, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cAlternateFileName="59E315~1.XML")) returned 1 [0150.585] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.585] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="59e31519-5400-7696-2a00-b5fca5ba8904.xml", cchCount2=4) returned 1 [0150.585] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d8c2f73, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d8c2f73, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xf4afcc60, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa46, dwReserved0=0x0, dwReserved1=0x0, cFileName="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cAlternateFileName="5B0A39~1.XML")) returned 1 [0150.585] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.585] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5b0a39aa-16e0-a938-f694-656664c7be15.xml", cchCount2=4) returned 1 [0150.585] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdd7b5b8, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xfdd7b5b8, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xfdd7b5b8, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc97, dwReserved0=0x0, dwReserved1=0x0, cFileName="5dd8bcf1-73af-cff8-d142-0ca7feade752.xml", cAlternateFileName="5DD8BC~1.XML")) returned 1 [0150.585] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.585] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5dd8bcf1-73af-cff8-d142-0ca7feade752.xml", cchCount2=8) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="5dd8bcf1-73af-cff8-d142-0ca7feade752.xml", cchCount2=4) returned 1 [0150.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="5dd8bcf1-73af-cff8-d142-0ca7feade752.xml", cchCount2=8) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7930a89, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe7930a89, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe7930a89, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xdcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cAlternateFileName="5F3C89~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf49f1b92, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf49f1b92, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf49f1b92, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x0, cFileName="600364a7-e11c-efda-2c12-eac40e75f19a.xml", cAlternateFileName="600364~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5cb83c7, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf5cb83c7, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf5cb83c7, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc82, dwReserved0=0x0, dwReserved1=0x0, cFileName="61b5bd89-4cb0-db77-6622-cb63b5a58080.xml", cAlternateFileName="61B5BD~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffedc521, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xffedc521, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xffedc521, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc97, dwReserved0=0x0, dwReserved1=0x0, cFileName="630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml", cAlternateFileName="630A70~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df516f3, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7df516f3, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xf5cb83c7, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa52, dwReserved0=0x0, dwReserved1=0x0, cFileName="67447b0c-05cf-6740-5f7b-391ab440c42d.xml", cAlternateFileName="67447B~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.586] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e0cee88, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e0cee88, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xf7e4055d, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml", cAlternateFileName="71C8F3~1.XML")) returned 1 [0150.586] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.586] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac64cd3, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xac64cd3, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xac64cd3, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="71ef3df1-f4b1-69cd-793a-48e165e282aa.xml", cAlternateFileName="71EF3D~1.XML")) returned 1 [0150.587] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.587] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d850833, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d850833, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xf917951d, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa47, dwReserved0=0x0, dwReserved1=0x0, cFileName="7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml", cAlternateFileName="730908~1.XML")) returned 1 [0150.587] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.587] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1302615f, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x1302615f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x1302615f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cAlternateFileName="7646FA~1.XML")) returned 1 [0150.587] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.587] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e1677f3, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e1677f3, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfb8e32db, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa64, dwReserved0=0x0, dwReserved1=0x0, cFileName="8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cAlternateFileName="829268~1.XML")) returned 1 [0150.587] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.587] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4fb076, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e4fb076, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfcdbfc63, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xb00, dwReserved0=0x0, dwReserved1=0x0, cFileName="865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cAlternateFileName="865E8F~1.XML")) returned 1 [0150.587] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.587] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.587] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc0a322, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dc0a322, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfdda1820, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xadf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cAlternateFileName="8CE3D3~1.XML")) returned 1 [0150.596] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.596] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.596] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7db254f9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7db254f9, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfeec46de, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa6d, dwReserved0=0x0, dwReserved1=0x0, cFileName="8d56e57b-8663-136d-ff69-a004e217825a.xml", cAlternateFileName="8D56E5~1.XML")) returned 1 [0150.596] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.596] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.597] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d9cdfc2, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d9cdfc2, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfff0277e, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xa67, dwReserved0=0x0, dwReserved1=0x0, cFileName="8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cAlternateFileName="8E383E~1.XML")) returned 1 [0150.597] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.597] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.597] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a9f5f, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x66a9f5f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x66a9f5f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc81, dwReserved0=0x0, dwReserved1=0x0, cFileName="91edce6b-d93b-f186-c4e2-d38502cc520e.xml", cAlternateFileName="91EDCE~1.XML")) returned 1 [0150.597] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.597] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.597] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb24dd5d, ftCreationTime.dwHighDateTime=0x1d336d6, ftLastAccessTime.dwLowDateTime=0xdb24dd5d, ftLastAccessTime.dwHighDateTime=0x1d336d6, ftLastWriteTime.dwLowDateTime=0xdb24dd5d, ftLastWriteTime.dwHighDateTime=0x1d336d6, nFileSizeHigh=0x0, nFileSizeLow=0xcc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="92c2558b-5247-7fec-0ec0-79f2583ab410.xml", cAlternateFileName="92C255~1.XML")) returned 1 [0150.597] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.597] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.597] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7da406e3, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7da406e3, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x1071af7, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xb0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml", cAlternateFileName="9D3AD2~1.XML")) returned 1 [0150.597] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.597] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.597] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104b893, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x104b893, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x104b893, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xcc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="a1bac04c-582b-d37d-069c-13f17a799e18.xml", cAlternateFileName="A1BAC0~1.XML")) returned 1 [0150.597] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.597] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.598] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7db97c1a, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7db97c1a, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x23f6f61, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xac2, dwReserved0=0x0, dwReserved1=0x0, cFileName="a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml", cAlternateFileName="A1E5B1~1.XML")) returned 1 [0150.598] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.598] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.598] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7e4055d, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf7e4055d, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf7e4055d, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xcae, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml", cAlternateFileName="A7E08B~1.XML")) returned 1 [0150.598] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.598] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.598] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf284473b, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf284473b, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf284473b, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc71, dwReserved0=0x0, dwReserved1=0x0, cFileName="aa4e72b1-ad78-3f2c-e8ff-4733b8cdd4ac.xml", cAlternateFileName="AA4E72~1.XML")) returned 1 [0150.598] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.598] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.598] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e272861, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e272861, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x355740d, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ac116a72-b6b1-d558-23f6-10796e634d41.xml", cAlternateFileName="AC116A~1.XML")) returned 1 [0150.598] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.598] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.598] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e37d943, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e37d943, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x456f261, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml", cAlternateFileName="B34B19~1.XML")) returned 1 [0150.598] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.598] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.599] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de4668d, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7de4668d, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x56b836c, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xac2, dwReserved0=0x0, dwReserved1=0x0, cFileName="b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml", cAlternateFileName="B81D7E~1.XML")) returned 1 [0150.599] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.599] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.599] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66a9f5f, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x66a9f5f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x66a9f5f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa51, dwReserved0=0x0, dwReserved1=0x0, cFileName="babc0ea4-dabb-04f7-1017-a11af9b29344.xml", cAlternateFileName="BABC0E~1.XML")) returned 1 [0150.599] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.599] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.599] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbca2d62, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xbca2d62, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xbca2d62, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xdd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cAlternateFileName="BBC7A1~1.XML")) returned 1 [0150.599] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.599] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.599] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dd6185e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dd6185e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x78b1c3c, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa41, dwReserved0=0x0, dwReserved1=0x0, cFileName="bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cAlternateFileName="BBFBE8~1.XML")) returned 1 [0150.599] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.599] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.599] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dfea066, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dfea066, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x893c171, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa62, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cAlternateFileName="BCDA97~1.XML")) returned 1 [0150.600] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.600] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.600] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb373f2, ftCreationTime.dwHighDateTime=0x1d327cd, ftLastAccessTime.dwLowDateTime=0xfb373f2, ftLastAccessTime.dwHighDateTime=0x1d327cd, ftLastWriteTime.dwLowDateTime=0xfb373f2, ftLastWriteTime.dwHighDateTime=0x1d327cd, nFileSizeHigh=0x0, nFileSizeLow=0x1aa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cAlternateFileName="BE7366~1.XML")) returned 1 [0150.600] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.600] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.600] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e488974, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e488974, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xac8af30, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cAlternateFileName="C3D42A~1.XML")) returned 1 [0150.600] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.600] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.600] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x893c171, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x893c171, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x893c171, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc91, dwReserved0=0x0, dwReserved1=0x0, cFileName="c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cAlternateFileName="C94A6C~1.XML")) returned 1 [0150.600] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.600] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.600] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x355740d, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x355740d, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x355740d, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cAlternateFileName="CA947D~1.XML")) returned 1 [0150.600] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.600] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.600] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfee9e48b, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xfee9e48b, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xfee9e48b, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cAlternateFileName="CB6929~1.XML")) returned 1 [0150.601] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.601] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.601] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb770a25, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xeb770a25, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xeb770a25, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cAlternateFileName="D1ECFC~1.XML")) returned 1 [0150.601] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.601] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.601] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde2c70d, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xde2c70d, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xde2c70d, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cAlternateFileName="D445D1~1.XML")) returned 1 [0150.603] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.603] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.603] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7dc7ca36, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7dc7ca36, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xbcc9055, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xace, dwReserved0=0x0, dwReserved1=0x0, cFileName="d508ba05-d8aa-2836-484d-3833d22fe185.xml", cAlternateFileName="D508BA~1.XML")) returned 1 [0150.603] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.603] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.603] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0125c0b, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xf0125c0b, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xf0125c0b, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc77, dwReserved0=0x0, dwReserved1=0x0, cFileName="dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cAlternateFileName="DC5BC5~1.XML")) returned 1 [0150.603] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.603] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.603] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e05c76e, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e05c76e, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xcdee677, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa52, dwReserved0=0x0, dwReserved1=0x0, cFileName="e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml", cAlternateFileName="E2A686~1.XML")) returned 1 [0150.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.604] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda8eb3d8, ftCreationTime.dwHighDateTime=0x1d336d6, ftLastAccessTime.dwLowDateTime=0xda8eb3d8, ftLastAccessTime.dwHighDateTime=0x1d336d6, ftLastWriteTime.dwLowDateTime=0xe69651bc, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc76, dwReserved0=0x0, dwReserved1=0x0, cFileName="e335baf1-18ab-73fe-e089-3fa0a6e71a35.xml", cAlternateFileName="E335BA~1.XML")) returned 1 [0150.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.604] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde52960, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0xde52960, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0xde52960, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xad4, dwReserved0=0x0, dwReserved1=0x0, cFileName="e603fcd0-9cde-3f41-875c-5cc396d927ce.xml", cAlternateFileName="E603FC~1.XML")) returned 1 [0150.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.604] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e30b1b9, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e30b1b9, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xed5f72a, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa51, dwReserved0=0x0, dwReserved1=0x0, cFileName="e64ffef1-e246-b632-595b-56076a3fa776.xml", cAlternateFileName="E64FFE~1.XML")) returned 1 [0150.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.604] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d95b8ca, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d95b8ca, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xfda4de9, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xaea, dwReserved0=0x0, dwReserved1=0x0, cFileName="e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml", cAlternateFileName="E8AC93~1.XML")) returned 1 [0150.604] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.604] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.604] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e3efff1, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e3efff1, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x10ec523b, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="e8fff2df-6041-8f21-3df7-db31661aa09b.xml", cAlternateFileName="E8FFF2~1.XML")) returned 1 [0150.605] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.605] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.605] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78192ce, ftCreationTime.dwHighDateTime=0x1d38c44, ftLastAccessTime.dwLowDateTime=0x78192ce, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x78192ce, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xc71, dwReserved0=0x0, dwReserved1=0x0, cFileName="ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml", cAlternateFileName="ECBC26~1.XML")) returned 1 [0150.605] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.605] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.605] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e5939ec, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7e5939ec, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x11f4f803, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa46, dwReserved0=0x0, dwReserved1=0x0, cFileName="eee47229-947d-2ac7-e8a3-49bafee251d1.xml", cAlternateFileName="EEE472~1.XML")) returned 1 [0150.605] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.605] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.605] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4e92946, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe4e92946, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe4e92946, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0xc92, dwReserved0=0x0, dwReserved1=0x0, cFileName="f428c4e6-787a-08fa-4d5a-e12a3034aa02.xml", cAlternateFileName="F428C4~1.XML")) returned 1 [0150.605] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.605] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.605] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d7b7edb, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d7b7edb, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x1304c3c7, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="fc93b452-8a84-dede-3b7a-0fc9413c4592.xml", cAlternateFileName="FC93B4~1.XML")) returned 1 [0150.605] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.605] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.606] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d7b7edb, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x7d7b7edb, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x1304c3c7, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0xa4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="fc93b452-8a84-dede-3b7a-0fc9413c4592.xml", cAlternateFileName="FC93B4~1.XML")) returned 0 [0150.606] GetLastError () returned 0x12 [0150.606] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0150.607] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7d7457cd, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x1302615f, ftLastAccessTime.dwHighDateTime=0x1d38c44, ftLastWriteTime.dwLowDateTime=0x1302615f, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 0 [0150.607] GetLastError () returned 0x12 [0150.607] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.607] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2032263, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GenuineTicket", cAlternateFileName="GENUIN~1")) returned 1 [0150.608] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.608] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.608] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\GenuineTicket\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2032263, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.608] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.608] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.608] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2032263, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.608] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.608] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.608] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2032263, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.608] GetLastError () returned 0x12 [0150.608] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.609] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f6ef001, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Import", cAlternateFileName="")) returned 1 [0150.609] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.609] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.609] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Import\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f6ef001, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0150.647] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.647] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.647] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f6ef001, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.647] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.647] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.648] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InApp", cAlternateFileName="")) returned 1 [0150.648] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.648] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.648] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Import\\InApp\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d768 [0150.649] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.649] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.649] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.649] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.649] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.649] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.649] GetLastError () returned 0x12 [0150.649] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0150.649] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InApp", cAlternateFileName="")) returned 0 [0150.649] GetLastError () returned 0x12 [0150.649] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0150.650] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Install", cAlternateFileName="")) returned 1 [0150.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.650] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.650] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Install\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f20423e, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.650] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.650] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f20423e, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.650] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.650] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x249ea1e, ftCreationTime.dwHighDateTime=0x1d2a059, ftLastAccessTime.dwLowDateTime=0x7e6eaf16, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x7e6eaf16, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0150.650] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.650] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.650] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Install\\Apps\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x249ea1e, ftCreationTime.dwHighDateTime=0x1d2a059, ftLastAccessTime.dwLowDateTime=0x7e6eaf16, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x7e6eaf16, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.651] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.651] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.651] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x249ea1e, ftCreationTime.dwHighDateTime=0x1d2a059, ftLastAccessTime.dwLowDateTime=0x7e6eaf16, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x7e6eaf16, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.651] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.651] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.651] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x249ea1e, ftCreationTime.dwHighDateTime=0x1d2a059, ftLastAccessTime.dwLowDateTime=0x7e6eaf16, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x7e6eaf16, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.651] GetLastError () returned 0x12 [0150.651] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.651] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Device", cAlternateFileName="")) returned 1 [0150.651] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.651] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.651] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Install\\Device\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.652] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.652] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.652] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.652] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.652] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.652] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.652] GetLastError () returned 0x12 [0150.652] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.652] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KeyHolder", cAlternateFileName="KEYHOL~1")) returned 1 [0150.652] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.652] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.652] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Install\\KeyHolder\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0150.653] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.653] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.653] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.653] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.653] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.653] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ecf30bd, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6ecf30bd, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6ecf30bd, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.653] GetLastError () returned 0x12 [0150.653] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0150.653] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f20423e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f7fa098, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f7fa098, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Migration", cAlternateFileName="MIGRAT~1")) returned 1 [0150.653] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.653] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.653] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Install\\Migration\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f20423e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f7fa098, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f7fa098, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.653] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.653] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.653] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f20423e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f7fa098, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f7fa098, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.654] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.654] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.654] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f20423e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f7fa098, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f7fa098, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.654] GetLastError () returned 0x12 [0150.654] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.654] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f20423e, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x6f7fa098, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x6f7fa098, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Migration", cAlternateFileName="MIGRAT~1")) returned 0 [0150.654] GetLastError () returned 0x12 [0150.654] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.654] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b51a174, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xfbdffacb, ftLastAccessTime.dwHighDateTime=0x1d5d805, ftLastWriteTime.dwLowDateTime=0x7dc6c35, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0xdc870, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0150.654] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.654] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.654] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1b51a174, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xfbdffacb, ftLastAccessTime.dwHighDateTime=0x1d5d805, ftLastWriteTime.dwLowDateTime=0x7dc6c35, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0xdc870, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0150.654] GetLastError () returned 0x12 [0150.654] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0150.654] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xccc6a2b9, ftLastAccessTime.dwHighDateTime=0x1d5d80c, ftLastWriteTime.dwLowDateTime=0xccc6a2b9, ftLastWriteTime.dwHighDateTime=0x1d5d80c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceMetadataCache", cAlternateFileName="DEVICE~2")) returned 1 [0150.654] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.654] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.655] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataCache\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xccc6a2b9, ftLastAccessTime.dwHighDateTime=0x1d5d80c, ftLastWriteTime.dwLowDateTime=0xccc6a2b9, ftLastWriteTime.dwHighDateTime=0x1d5d80c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.657] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.657] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.657] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xccc6a2b9, ftLastAccessTime.dwHighDateTime=0x1d5d80c, ftLastWriteTime.dwLowDateTime=0xccc6a2b9, ftLastWriteTime.dwHighDateTime=0x1d5d80c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.657] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.657] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.657] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6acf85b2, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xccc1dbbe, ftLastAccessTime.dwHighDateTime=0x1d5d80c, ftLastWriteTime.dwLowDateTime=0xccc1dbbe, ftLastWriteTime.dwHighDateTime=0x1d5d80c, nFileSizeHigh=0x0, nFileSizeLow=0xafc58, dwReserved0=0x0, dwReserved1=0x0, cFileName="dmrc.idx", cAlternateFileName="")) returned 1 [0150.657] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.657] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.657] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dmrccache", cAlternateFileName="DMRCCA~1")) returned 1 [0150.657] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.657] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.657] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0150.658] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.658] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.658] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.658] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.658] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.658] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0150.658] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.658] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.658] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\downloads\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.659] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.659] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.659] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.659] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.659] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.659] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.659] GetLastError () returned 0x12 [0150.659] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.659] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads", cAlternateFileName="DOWNLO~1")) returned 0 [0150.659] GetLastError () returned 0x12 [0150.659] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0150.659] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8f00595d, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x8f00595d, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x8f00595d, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dmrccache", cAlternateFileName="DMRCCA~1")) returned 0 [0150.659] GetLastError () returned 0x12 [0150.659] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.659] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2129d74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DeviceMetadataStore", cAlternateFileName="DEVICE~1")) returned 1 [0150.659] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.659] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.659] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2129d74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.660] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.660] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.660] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2129d74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.660] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.660] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.660] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a24b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8fdd8c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0150.660] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.660] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.660] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\DeviceMetadataStore\\en-US\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a24b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8fdd8c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.660] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.660] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.660] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a24b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8fdd8c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.661] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.661] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.661] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4933c6a8, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4933c6a8, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4933c6a8, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x3736, dwReserved0=0x0, dwReserved1=0x0, cFileName="34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms", cAlternateFileName="")) returned 1 [0150.661] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.661] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.661] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1af79, dwReserved0=0x0, dwReserved1=0x0, cFileName="63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms", cAlternateFileName="")) returned 1 [0150.661] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.661] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.661] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62088d76, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x62088d76, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x62088d76, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1af79, dwReserved0=0x0, dwReserved1=0x0, cFileName="63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms", cAlternateFileName="")) returned 0 [0150.661] GetLastError () returned 0x12 [0150.661] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.661] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a24b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a8fdd8c, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0150.661] GetLastError () returned 0x12 [0150.661] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.662] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0150.662] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.662] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.662] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d8a8 [0150.663] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.663] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.663] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.663] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.663] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.663] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212a839, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.663] GetLastError () returned 0x12 [0150.663] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0150.663] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LfSvc", cAlternateFileName="")) returned 1 [0150.663] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.663] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.663] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\LfSvc\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.664] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.664] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.664] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.664] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.664] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.664] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4120249, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0150.664] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.664] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.664] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\LfSvc\\Cache\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4120249, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0150.666] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.666] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.666] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4120249, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.666] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.666] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.666] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4120249, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0xf4120249, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xf4120249, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.666] GetLastError () returned 0x12 [0150.666] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0150.666] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0xc212be41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x15ce201c, ftLastWriteTime.dwHighDateTime=0x1d1a050, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Geofence", cAlternateFileName="")) returned 1 [0150.666] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.666] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.666] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\LfSvc\\Geofence\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0xc212be41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x15ce201c, ftLastWriteTime.dwHighDateTime=0x1d1a050, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0150.668] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.668] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.668] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0xc212be41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x15ce201c, ftLastWriteTime.dwHighDateTime=0x1d1a050, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.668] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.668] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.668] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0x15ce201c, ftLastAccessTime.dwHighDateTime=0x1d1a050, ftLastWriteTime.dwLowDateTime=0x4baaeab, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x148, dwReserved0=0x0, dwReserved1=0x0, cFileName="GeofenceApplicationID.dat", cAlternateFileName="GEOFEN~1.DAT")) returned 1 [0150.668] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.668] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.668] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0x15ce201c, ftLastAccessTime.dwHighDateTime=0x1d1a050, ftLastWriteTime.dwLowDateTime=0x4baaeab, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x148, dwReserved0=0x0, dwReserved1=0x0, cFileName="GeofenceApplicationID.dat", cAlternateFileName="GEOFEN~1.DAT")) returned 0 [0150.668] GetLastError () returned 0x12 [0150.668] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0150.669] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15ce201c, ftCreationTime.dwHighDateTime=0x1d1a050, ftLastAccessTime.dwLowDateTime=0xc212be41, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x15ce201c, ftLastWriteTime.dwHighDateTime=0x1d1a050, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Geofence", cAlternateFileName="")) returned 0 [0150.669] GetLastError () returned 0x12 [0150.669] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.669] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c481, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PackagedEventProviders", cAlternateFileName="PACKAG~1")) returned 1 [0150.669] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.669] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.669] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\PackagedEventProviders\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c481, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.669] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.669] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.670] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c481, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.670] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.670] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.670] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c481, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17cbb4ff, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.670] GetLastError () returned 0x12 [0150.670] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.670] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c80e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Parental Controls", cAlternateFileName="PARENT~1")) returned 1 [0150.670] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.670] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.670] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Parental Controls\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c80e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0150.671] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.671] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.671] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17cbb4ff, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212c80e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.671] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.671] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.671] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212cd78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings", cAlternateFileName="")) returned 1 [0150.672] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.672] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.672] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Parental Controls\\settings\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212cd78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.672] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.672] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.672] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212cd78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.672] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.672] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.672] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212cd78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.672] GetLastError () returned 0x12 [0150.672] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.672] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc212cd78, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings", cAlternateFileName="")) returned 0 [0150.672] GetLastError () returned 0x12 [0150.672] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0150.673] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x1516f86b, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x1516f86b, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Power Efficiency Diagnostics", cAlternateFileName="POWERE~1")) returned 1 [0150.673] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.673] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.673] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x1516f86b, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x15195c01, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.675] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.675] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.675] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x1516f86b, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x15195c01, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.676] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.676] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.676] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14fcc049, ftCreationTime.dwHighDateTime=0x1d336da, ftLastAccessTime.dwLowDateTime=0x14fcc049, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x14fa5e38, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x3c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="energy-report-2017-09-26.xml", cAlternateFileName="ENERGY~2.XML")) returned 1 [0150.676] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.676] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.676] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14f337c3, ftCreationTime.dwHighDateTime=0x1d336da, ftLastAccessTime.dwLowDateTime=0x14f337c3, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x14fa5e38, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x3c8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="energy-report-latest.xml", cAlternateFileName="ENERGY~1.XML")) returned 1 [0150.676] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.676] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.677] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1516f86b, ftCreationTime.dwHighDateTime=0x1d336da, ftLastAccessTime.dwLowDateTime=0x1516f86b, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x1516f86b, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x3641, dwReserved0=0x0, dwReserved1=0x0, cFileName="energy-report.html", cAlternateFileName="ENERGY~1.HTM")) returned 1 [0150.677] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.677] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.677] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1516f86b, ftCreationTime.dwHighDateTime=0x1d336da, ftLastAccessTime.dwLowDateTime=0x1516f86b, ftLastAccessTime.dwHighDateTime=0x1d336da, ftLastWriteTime.dwLowDateTime=0x1516f86b, ftLastWriteTime.dwHighDateTime=0x1d336da, nFileSizeHigh=0x0, nFileSizeLow=0x3641, dwReserved0=0x0, dwReserved1=0x0, cFileName="energy-report.html", cAlternateFileName="ENERGY~1.HTM")) returned 0 [0150.677] GetLastError () returned 0x12 [0150.677] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.678] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc21e5ea3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0150.678] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.678] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.678] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc21e5ea3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.678] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.678] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.678] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc21e5ea3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.679] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.679] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.679] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc21e5ea3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.679] GetLastError () returned 0x12 [0150.679] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.679] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedcf5f61, ftCreationTime.dwHighDateTime=0x1d336d9, ftLastAccessTime.dwLowDateTime=0xeeb42f5b, ftLastAccessTime.dwHighDateTime=0x1d336d9, ftLastWriteTime.dwLowDateTime=0xeeb42f5b, ftLastWriteTime.dwHighDateTime=0x1d336d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SleepStudy", cAlternateFileName="SLEEPS~1")) returned 1 [0150.679] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.679] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.679] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedcf5f61, ftCreationTime.dwHighDateTime=0x1d336d9, ftLastAccessTime.dwLowDateTime=0xeeb42f5b, ftLastAccessTime.dwHighDateTime=0x1d336d9, ftLastWriteTime.dwLowDateTime=0xeeb42f5b, ftLastWriteTime.dwHighDateTime=0x1d336d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.679] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.679] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.679] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedcf5f61, ftCreationTime.dwHighDateTime=0x1d336d9, ftLastAccessTime.dwLowDateTime=0xeeb42f5b, ftLastAccessTime.dwHighDateTime=0x1d336d9, ftLastWriteTime.dwLowDateTime=0xeeb42f5b, ftLastWriteTime.dwHighDateTime=0x1d336d9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.679] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.679] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.679] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeeb42f5b, ftCreationTime.dwHighDateTime=0x1d336d9, ftLastAccessTime.dwLowDateTime=0xeeb42f5b, ftLastAccessTime.dwHighDateTime=0x1d336d9, ftLastWriteTime.dwLowDateTime=0xeeb42f5b, ftLastWriteTime.dwHighDateTime=0x1d336d9, nFileSizeHigh=0x0, nFileSizeLow=0x6229, dwReserved0=0x0, dwReserved1=0x0, cFileName="sleepstudy-report-latest.xml", cAlternateFileName="SLEEPS~1.XML")) returned 1 [0150.679] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.679] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.680] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeeb42f5b, ftCreationTime.dwHighDateTime=0x1d336d9, ftLastAccessTime.dwLowDateTime=0xeeb42f5b, ftLastAccessTime.dwHighDateTime=0x1d336d9, ftLastWriteTime.dwLowDateTime=0xeeb42f5b, ftLastWriteTime.dwHighDateTime=0x1d336d9, nFileSizeHigh=0x0, nFileSizeLow=0x6229, dwReserved0=0x0, dwReserved1=0x0, cFileName="sleepstudy-report-latest.xml", cAlternateFileName="SLEEPS~1.XML")) returned 0 [0150.680] GetLastError () returned 0x12 [0150.680] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.685] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sqm", cAlternateFileName="")) returned 1 [0150.685] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.685] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.685] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.685] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.685] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.685] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.685] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.685] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.685] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Manifest", cAlternateFileName="")) returned 1 [0150.686] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.686] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.686] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Manifest\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0150.686] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.686] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.686] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.686] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.686] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.686] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.686] GetLastError () returned 0x12 [0150.686] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0150.686] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sessions", cAlternateFileName="")) returned 1 [0150.686] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.686] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.686] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Sessions\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.688] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.688] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.688] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.688] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.688] GetLastError () returned 0x12 [0150.688] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.688] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Upload", cAlternateFileName="")) returned 1 [0150.688] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.688] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.688] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Sqm\\Upload\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d768 [0150.689] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.689] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.689] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.689] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.689] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.689] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.689] GetLastError () returned 0x12 [0150.689] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0150.689] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8440cf44, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8440cf44, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8440cf44, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Upload", cAlternateFileName="")) returned 0 [0150.689] GetLastError () returned 0x12 [0150.689] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.689] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc229ee00, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a923ff6, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0150.689] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.689] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.689] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc229ee00, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a923ff6, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0150.690] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.690] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.690] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc229ee00, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a923ff6, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.690] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.690] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.690] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a923ff6, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5f43b93, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5f43b93, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.690] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.690] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.690] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xfd412f52, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfd412f52, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0150.690] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.690] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.690] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xfd412f52, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfd412f52, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0150.690] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.690] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.690] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xfd412f52, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfd412f52, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.691] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4ae4bfb, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4ae4bfb, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4ae4bfb, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x974, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access 2016.lnk", cAlternateFileName="ACCESS~1.LNK")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.691] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23497a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a94a259, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.691] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23497a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a94a259, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.691] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23497a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a94a259, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.691] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a94a259, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5f43b93, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc8e5b1b6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.691] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437960ad, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x437960ad, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x437960ad, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech Recognition.lnk", cAlternateFileName="")) returned 1 [0150.691] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.691] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.692] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437960ad, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x437960ad, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x437960ad, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech Recognition.lnk", cAlternateFileName="")) returned 0 [0150.692] GetLastError () returned 0x12 [0150.692] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0150.692] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234b032, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x47011dad, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~2")) returned 1 [0150.692] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.692] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.692] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234b032, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x47011dad, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.692] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.692] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.692] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234b032, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x47011dad, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.692] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.692] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.692] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a94a259, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x69cb7dde, ftLastAccessTime.dwHighDateTime=0x1d2fa08, ftLastWriteTime.dwLowDateTime=0x69cb7dde, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x5c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.692] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.692] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.692] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98a4376e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x98a4376e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x98a4376e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x49e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Math Input Panel.lnk", cAlternateFileName="")) returned 1 [0150.692] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.692] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.693] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x630c736a, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x630c736a, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x630c736a, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Paint.lnk", cAlternateFileName="")) returned 1 [0150.693] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.693] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.693] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6e8df9, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x9e26238d, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x9c706000, ftLastWriteTime.dwHighDateTime=0x1d29fab, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Assist.lnk", cAlternateFileName="")) returned 1 [0150.693] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.693] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.693] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67c555e4, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x67c555e4, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x67c555e4, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x4bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="Remote Desktop Connection.lnk", cAlternateFileName="")) returned 1 [0150.693] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.693] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.693] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c8ce781, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7c8ce781, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7c8ce781, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x46e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Snipping Tool.lnk", cAlternateFileName="")) returned 1 [0150.693] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.693] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.780] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x378897b7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x378897b7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x378897b7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x448, dwReserved0=0x0, dwReserved1=0x0, cFileName="Steps Recorder.lnk", cAlternateFileName="")) returned 1 [0150.780] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.780] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.781] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234c75c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x21f770e1, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0150.781] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.781] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.781] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234c75c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x21f770e1, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.781] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e6a0 | out: lpLocalFileTime=0x19e6a0) returned 1 [0150.781] FileTimeToDosDateTime (in: lpFileTime=0x19e6a0, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.781] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc234c75c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x21f770e1, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.782] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0150.782] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.782] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x655bc768, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x655bc768, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x655bc768, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Character Map.lnk", cAlternateFileName="")) returned 1 [0150.782] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0150.782] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.782] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x21f770e1, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc8e8141c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc8e8141c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x55, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.782] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0150.782] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.782] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x21f770e1, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc8e8141c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc8e8141c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x55, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0150.782] GetLastError () returned 0x12 [0150.782] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.782] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6ec61aae, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xc234d9cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6ec61aae, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tablet PC", cAlternateFileName="TABLET~1")) returned 1 [0150.782] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.782] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.783] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\*", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6ec61aae, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xc234d9cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6ec61aae, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0150.783] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e6a0 | out: lpLocalFileTime=0x19e6a0) returned 1 [0150.783] FileTimeToDosDateTime (in: lpFileTime=0x19e6a0, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.783] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6ec61aae, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xc234d9cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6ec61aae, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.783] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0150.784] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0150.784] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6ec61aae, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xc234d9cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6ec61aae, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.784] GetLastError () returned 0x12 [0150.784] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0150.784] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x955ce979, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x955ce979, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x955ce979, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x448, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Fax and Scan.lnk", cAlternateFileName="")) returned 1 [0150.784] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.784] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.784] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa40fd93f, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xa5b5da3e, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0xf78d700, ftLastWriteTime.dwHighDateTime=0x1d29faa, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="")) returned 1 [0150.784] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.784] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.784] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x653f2a91, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x653f2a91, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x653f2a91, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x482, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wordpad.lnk", cAlternateFileName="")) returned 1 [0150.784] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.784] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.785] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ce7e01, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96ce7e01, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96ce7e01, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="XPS Viewer.lnk", cAlternateFileName="")) returned 1 [0150.785] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.785] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.785] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ce7e01, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x96ce7e01, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x96ce7e01, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="XPS Viewer.lnk", cAlternateFileName="")) returned 0 [0150.785] GetLastError () returned 0x12 [0150.785] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.785] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38b1d2da, ftCreationTime.dwHighDateTime=0x1d327c9, ftLastAccessTime.dwLowDateTime=0xe2eb3f5a, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0xe2eda1a5, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x999, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat Reader DC.lnk", cAlternateFileName="ACROBA~1.LNK")) returned 1 [0150.785] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.785] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.785] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23f53a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x76b7cd4d, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0150.785] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.785] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.785] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Administrative Tools", cchCount2=8) returned 1 [0150.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Administrative Tools", cchCount2=4) returned 1 [0150.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Administrative Tools", cchCount2=8) returned 1 [0150.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Administrative Tools", cchCount2=4) returned 1 [0150.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Administrative Tools", cchCount2=8) returned 1 [0150.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Administrative Tools", cchCount2=4) returned 1 [0150.786] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23f53a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x76b7cd4d, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.786] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0150.786] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.786] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc23f53a4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x76b7cd4d, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.786] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.787] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.787] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c1db61d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x3c1db61d, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x3c1db61d, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Component Services.lnk", cAlternateFileName="")) returned 1 [0150.787] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.787] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.787] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33042a24, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x33042a24, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x33042a24, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x48c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Computer Management.lnk", cAlternateFileName="")) returned 1 [0150.787] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.787] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.787] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a94a259, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x69cb7dde, ftLastAccessTime.dwHighDateTime=0x1d2fa08, ftLastWriteTime.dwLowDateTime=0x69cb7dde, ftLastWriteTime.dwHighDateTime=0x1d2fa08, nFileSizeHigh=0x0, nFileSizeLow=0xa26, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.787] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.787] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.787] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x399c4fa7, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x399c4fa7, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x399c4fa7, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x486, dwReserved0=0x0, dwReserved1=0x0, cFileName="dfrgui.lnk", cAlternateFileName="")) returned 1 [0150.788] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.788] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64367fd2, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x64367fd2, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x64367fd2, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Disk Cleanup.lnk", cAlternateFileName="")) returned 1 [0150.788] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.788] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31dc802b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x31dc802b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x31dc802b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x490, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer.lnk", cAlternateFileName="")) returned 1 [0150.788] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.788] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e8e6bbf, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x3e8e6bbf, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x3e8e6bbf, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x478, dwReserved0=0x0, dwReserved1=0x0, cFileName="iSCSI Initiator.lnk", cAlternateFileName="")) returned 1 [0150.788] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.788] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39893c6e, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x39893c6e, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x39893c6e, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x474, dwReserved0=0x0, dwReserved1=0x0, cFileName="Memory Diagnostics Tool.lnk", cAlternateFileName="")) returned 1 [0150.789] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.789] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.789] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d2782ec, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x6d2782ec, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x6d2782ec, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ODBC Data Sources (32-bit).lnk", cAlternateFileName="")) returned 1 [0150.789] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.789] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.789] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41da7e83, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x41da7e83, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x41da7e83, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x474, dwReserved0=0x0, dwReserved1=0x0, cFileName="ODBC Data Sources (64-bit).lnk", cAlternateFileName="")) returned 1 [0150.789] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.789] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.789] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b4be2a0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x3b4be2a0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x3b4be2a0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x450, dwReserved0=0x0, dwReserved1=0x0, cFileName="Performance Monitor.lnk", cAlternateFileName="")) returned 1 [0150.789] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.789] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0150.789] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c8822b6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7c8822b6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7c8822b6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Print Management.lnk", cAlternateFileName="")) returned 1 [0150.790] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b4be2a0, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x3b4be2a0, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x3b4be2a0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x454, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resource Monitor.lnk", cAlternateFileName="")) returned 1 [0150.790] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c66c10d, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x7c66c10d, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x7c66c10d, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security Configuration Management.lnk", cAlternateFileName="")) returned 1 [0150.790] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32f116ee, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x32f116ee, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x32f116ee, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x486, dwReserved0=0x0, dwReserved1=0x0, cFileName="services.lnk", cAlternateFileName="")) returned 1 [0150.790] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b498035, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x3b498035, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x3b498035, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45c, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Configuration.lnk", cAlternateFileName="")) returned 1 [0150.790] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.791] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34d51ec6, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x34d51ec6, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x34d51ec6, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x45a, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Information.lnk", cAlternateFileName="")) returned 1 [0150.791] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.791] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31dee28b, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x31dee28b, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x31dee28b, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x46c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Task Scheduler.lnk", cAlternateFileName="")) returned 1 [0150.791] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.791] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2f6c78, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4e2f6c78, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4e2f6c78, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x484, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Firewall with Advanced Security.lnk", cAlternateFileName="")) returned 1 [0150.791] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0150.791] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e2f6c78, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x4e2f6c78, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x4e2f6c78, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x484, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Firewall with Advanced Security.lnk", cAlternateFileName="")) returned 0 [0150.791] GetLastError () returned 0x12 [0150.791] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.792] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x1a923ff6, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x96fe9bef, ftLastAccessTime.dwHighDateTime=0x1d32794, ftLastWriteTime.dwLowDateTime=0x6e749736, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x31c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.792] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.792] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4b0ade7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xf4b0ade7, ftLastAccessTime.dwHighDateTime=0x1d327e7, ftLastWriteTime.dwLowDateTime=0xf4b0ade7, ftLastWriteTime.dwHighDateTime=0x1d327e7, nFileSizeHigh=0x0, nFileSizeLow=0x973, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel 2016.lnk", cAlternateFileName="EXCEL2~1.LNK")) returned 1 [0150.792] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.792] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4c6308a, ftCreationTime.dwHighDateTime=0x1d327cb, ftLastAccessTime.dwLowDateTime=0xe4c6308a, ftLastAccessTime.dwHighDateTime=0x1d327cb, ftLastWriteTime.dwLowDateTime=0xe4c6308a, ftLastWriteTime.dwHighDateTime=0x1d327cb, nFileSizeHigh=0x0, nFileSizeLow=0x926, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0150.792] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.792] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x25, ftCreationTime.dwLowDateTime=0x97a9db13, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x97a9db13, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x97a9db13, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x92d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Immersive Control Panel.lnk", cAlternateFileName="")) returned 1 [0150.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0150.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0150.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0150.793] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Java\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xabaf4d3e, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac589477, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac589477, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0150.797] GetLastError () returned 0x12 [0150.797] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0150.799] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc248d7d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a9704bf, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Maintenance", cchCount2=8) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Maintenance", cchCount2=4) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Maintenance", cchCount2=8) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Maintenance", cchCount2=4) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Maintenance", cchCount2=8) returned 1 [0150.799] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Maintenance", cchCount2=4) returned 1 [0150.799] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc248d7d2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a9704bf, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.800] GetLastError () returned 0x12 [0150.800] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft Office 2016 Tools", cchCount2=8) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft Office 2016 Tools", cchCount2=4) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft Office 2016 Tools", cchCount2=8) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft Office 2016 Tools", cchCount2=4) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft Office 2016 Tools", cchCount2=8) returned 1 [0150.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft Office 2016 Tools", cchCount2=4) returned 1 [0150.800] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office 2016 Tools\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf4b0ade7, ftCreationTime.dwHighDateTime=0x1d327e7, ftLastAccessTime.dwLowDateTime=0xfd412f52, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xfd412f52, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Database Compare 2016.lnk", cchCount2=8) returned 1 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Database Compare 2016.lnk", cchCount2=4) returned 1 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Database Compare 2016.lnk", cchCount2=8) returned 1 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Database Compare 2016.lnk", cchCount2=4) returned 1 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Database Compare 2016.lnk", cchCount2=8) returned 1 [0150.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Database Compare 2016.lnk", cchCount2=4) returned 1 [0150.804] GetLastError () returned 0x12 [0150.804] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0150.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Startup", cchCount2=4) returned 1 [0150.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Startup", cchCount2=4) returned 1 [0150.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Startup", cchCount2=4) returned 1 [0150.806] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc24e5770, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a9704bf, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0150.806] GetLastError () returned 0x12 [0150.806] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="System Tools", cchCount2=8) returned 1 [0150.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="System Tools", cchCount2=4) returned 1 [0150.807] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc24e74df, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x474d6904, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.807] GetLastError () returned 0x12 [0150.807] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Tablet PC", cchCount2=8) returned 1 [0150.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Tablet PC", cchCount2=4) returned 1 [0150.808] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Tablet PC\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x6ec87d0d, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0xc24e8184, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x6ec87d0d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0150.808] GetLastError () returned 0x12 [0150.808] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0150.809] GetLastError () returned 0x12 [0150.809] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0150.809] GetLastError () returned 0x12 [0150.809] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Start Menu Places", cchCount2=8) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Start Menu Places", cchCount2=4) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Start Menu Places", cchCount2=8) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Start Menu Places", cchCount2=4) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Start Menu Places", cchCount2=8) returned 1 [0150.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Start Menu Places", cchCount2=4) returned 1 [0150.809] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu Places\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc252d1d0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x21f770e1, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.811] GetLastError () returned 0x12 [0150.811] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SystemData", cchCount2=8) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SystemData", cchCount2=4) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SystemData", cchCount2=8) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SystemData", cchCount2=4) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SystemData", cchCount2=8) returned 1 [0150.811] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SystemData", cchCount2=4) returned 1 [0150.811] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SystemData\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x19effc, ftCreationTime.dwHighDateTime=0x773051f4, ftLastAccessTime.dwLowDateTime=0x25084ec, ftLastAccessTime.dwHighDateTime=0x77304f40, ftLastWriteTime.dwLowDateTime=0x77305218, ftLastWriteTime.dwHighDateTime=0x4, nFileSizeHigh=0x4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="缠\x91", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0150.812] GetLastError () returned 0x5 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Templates", cchCount2=8) returned 1 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Templates", cchCount2=4) returned 1 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Templates", cchCount2=8) returned 1 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Templates", cchCount2=4) returned 1 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Templates", cchCount2=8) returned 1 [0150.812] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Templates", cchCount2=4) returned 1 [0150.812] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d1ac7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.812] GetLastError () returned 0x12 [0150.812] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportArchive", cchCount2=8) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportArchive", cchCount2=4) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportArchive", cchCount2=8) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportArchive", cchCount2=4) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportArchive", cchCount2=8) returned 1 [0150.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportArchive", cchCount2=4) returned 1 [0150.815] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc25d2e0a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0150.816] GetLastError () returned 0x12 [0150.816] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportQueue", cchCount2=8) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportQueue", cchCount2=4) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportQueue", cchCount2=8) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportQueue", cchCount2=4) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ReportQueue", cchCount2=8) returned 1 [0150.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ReportQueue", cchCount2=4) returned 1 [0150.816] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\ReportQueue\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc25d33b0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17ce1766, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0150.817] GetLastError () returned 0x12 [0150.817] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0150.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0150.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0150.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0150.817] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\WER\\Temp\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x56c668bc, ftLastAccessTime.dwHighDateTime=0x1d5d806, ftLastWriteTime.dwLowDateTime=0xd3073804, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.818] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.818] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.818] GetLastError () returned 0x12 [0150.818] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.845] GetLastError () returned 0x12 [0150.845] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0150.846] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.846] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\wfp\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8846c94f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8846c94f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0150.846] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.846] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.846] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8846c94f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8846c94f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.846] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.846] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.846] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x8846c94f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8846c94f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xb33495f6, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wfpdiag.etl", cAlternateFileName="")) returned 1 [0150.846] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.846] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.846] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x8846c94f, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x8846c94f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0xb33495f6, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wfpdiag.etl", cAlternateFileName="")) returned 0 [0150.847] GetLastError () returned 0x12 [0150.847] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0150.847] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0x8846c94f, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x8846c94f, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wfp", cAlternateFileName="")) returned 0 [0150.847] GetLastError () returned 0x12 [0150.847] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0150.847] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc25d4e74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb320aac5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0150.847] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0150.847] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender", cchCount2=8) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender", cchCount2=4) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender", cchCount2=8) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender", cchCount2=4) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender", cchCount2=8) returned 1 [0150.847] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender", cchCount2=4) returned 1 [0150.847] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc25d4e74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb320aac5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0150.850] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0150.850] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.850] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17ce1766, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc25d4e74, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb320aac5, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.850] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.850] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.850] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d5968, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Clean Store", cAlternateFileName="CLEANS~1")) returned 1 [0150.851] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.851] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Clean Store", cchCount2=8) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Clean Store", cchCount2=4) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Clean Store", cchCount2=8) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Clean Store", cchCount2=4) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Clean Store", cchCount2=8) returned 1 [0150.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Clean Store", cchCount2=4) returned 1 [0150.851] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Clean Store\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d5968, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d768 [0150.851] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.851] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.851] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d5968, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.851] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.851] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.851] FindNextFileW (in: hFindFile=0x94d768, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d5968, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.851] GetLastError () returned 0x12 [0150.851] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0150.852] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb2ba2529, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2ba2529, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Definition Updates", cAlternateFileName="DEFINI~1")) returned 1 [0150.852] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.852] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Definition Updates", cchCount2=8) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Definition Updates", cchCount2=4) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Definition Updates", cchCount2=8) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Definition Updates", cchCount2=4) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Definition Updates", cchCount2=8) returned 1 [0150.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Definition Updates", cchCount2=4) returned 1 [0150.852] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb2ba2529, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2ba2529, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0150.853] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.853] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.853] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xb2ba2529, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2ba2529, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.853] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.853] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.853] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d6ec5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0150.853] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.853] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Backup", cchCount2=4) returned 1 [0150.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Backup", cchCount2=4) returned 1 [0150.853] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Backup", cchCount2=4) returned 1 [0150.853] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Backup\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d6ec5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0150.856] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.856] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.856] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d6ec5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.856] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.856] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.856] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc25d6ec5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.856] GetLastError () returned 0x12 [0150.856] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0150.856] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26252c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0150.856] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.856] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Default", cchCount2=4) returned 1 [0150.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Default", cchCount2=4) returned 1 [0150.856] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Default", cchCount2=4) returned 1 [0150.856] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Default\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26252c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0150.860] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.860] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.860] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26252c7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.860] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.860] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.860] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c24f7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26c24f7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c24f7c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x11d0d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GapaEngine.dll", cAlternateFileName="")) returned 1 [0150.860] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.860] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.860] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26af3c42, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26af3c42, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26b66370, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x22f6710, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpAsBase.vdm", cAlternateFileName="")) returned 1 [0150.860] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.860] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26af3c42, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26af3c42, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26af3c42, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x8f10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpAsDlta.vdm", cAlternateFileName="")) returned 1 [0150.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26b66370, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26b66370, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c24f7c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x563cd10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpAvBase.vdm", cAlternateFileName="")) returned 1 [0150.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26af3c42, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26af3c42, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26af3c42, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x15910, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpAvDlta.vdm", cAlternateFileName="")) returned 1 [0150.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c24f7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26c24f7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c4b1e3, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0xc11740, dwReserved0=0x0, dwReserved1=0x0, cFileName="MpEngine.dll", cAlternateFileName="")) returned 1 [0150.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c24f7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26c24f7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c24f7c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x14e318, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisBase.vdm", cAlternateFileName="")) returned 1 [0150.861] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.861] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.861] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c24f7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26c24f7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c24f7c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x14e718, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisFull.vdm", cAlternateFileName="")) returned 1 [0150.862] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.862] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.862] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26c24f7c, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x26c24f7c, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x26c24f7c, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x14e718, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisFull.vdm", cAlternateFileName="")) returned 0 [0150.862] GetLastError () returned 0x12 [0150.862] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0150.863] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisBackup", cAlternateFileName="NISBAC~1")) returned 1 [0150.863] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.863] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisBackup", cchCount2=8) returned 1 [0150.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisBackup", cchCount2=4) returned 1 [0150.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisBackup", cchCount2=8) returned 1 [0150.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisBackup", cchCount2=4) returned 1 [0150.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisBackup", cchCount2=8) returned 1 [0150.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisBackup", cchCount2=4) returned 1 [0150.864] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\NisBackup\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.864] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.864] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.864] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.864] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.864] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.864] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.864] GetLastError () returned 0x12 [0150.864] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.864] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626eab, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Updates", cAlternateFileName="")) returned 1 [0150.865] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.865] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Updates", cchCount2=4) returned 1 [0150.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Updates", cchCount2=4) returned 1 [0150.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Updates", cchCount2=4) returned 1 [0150.865] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Definition Updates\\Updates\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626eab, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0150.866] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.866] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.866] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626eab, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.866] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.866] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.866] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626eab, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.866] GetLastError () returned 0x12 [0150.866] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0150.866] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2626eab, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Updates", cAlternateFileName="")) returned 0 [0150.866] GetLastError () returned 0x12 [0150.866] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0150.866] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26279a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Features", cAlternateFileName="")) returned 1 [0150.866] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.866] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Features", cchCount2=8) returned 1 [0150.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Features", cchCount2=4) returned 1 [0150.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Features", cchCount2=8) returned 1 [0150.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Features", cchCount2=4) returned 1 [0150.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Features", cchCount2=8) returned 1 [0150.867] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Features", cchCount2=4) returned 1 [0150.867] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Features\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26279a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.868] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.868] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26279a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.868] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.868] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.868] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc26279a1, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.869] GetLastError () returned 0x12 [0150.869] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.869] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26281f9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalCopy", cAlternateFileName="LOCALC~1")) returned 1 [0150.869] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.869] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalCopy", cchCount2=8) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalCopy", cchCount2=4) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalCopy", cchCount2=8) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalCopy", cchCount2=4) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="LocalCopy", cchCount2=8) returned 1 [0150.869] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="LocalCopy", cchCount2=4) returned 1 [0150.869] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\LocalCopy\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26281f9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.869] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.869] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26281f9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.869] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.869] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.869] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26281f9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd525f5, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.870] GetLastError () returned 0x12 [0150.870] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.870] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2628aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2bc876c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Inspection System", cAlternateFileName="NETWOR~1")) returned 1 [0150.870] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.870] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Network Inspection System", cchCount2=8) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Network Inspection System", cchCount2=4) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Network Inspection System", cchCount2=8) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Network Inspection System", cchCount2=4) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Network Inspection System", cchCount2=8) returned 1 [0150.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Network Inspection System", cchCount2=4) returned 1 [0150.870] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Network Inspection System\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2628aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2bc876c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.871] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.871] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2628aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2bc876c, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.871] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.871] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 1 [0150.871] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.871] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.871] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0150.871] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0150.871] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0150.871] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Network Inspection System\\Support\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0150.872] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.872] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.872] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.872] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.872] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.872] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x366fbd4a, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisLog.txt", cAlternateFileName="")) returned 1 [0150.872] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.872] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisLog.txt", cchCount2=8) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisLog.txt", cchCount2=4) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisLog.txt", cchCount2=8) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisLog.txt", cchCount2=4) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="NisLog.txt", cchCount2=8) returned 1 [0150.872] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="NisLog.txt", cchCount2=4) returned 1 [0150.872] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x366fbd4a, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NisLog.txt", cAlternateFileName="")) returned 0 [0150.872] GetLastError () returned 0x12 [0150.872] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0150.873] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd525f5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x366fbd4a, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x366fbd4a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 0 [0150.873] GetLastError () returned 0x12 [0150.873] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0150.873] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc262a040, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Platform", cAlternateFileName="")) returned 1 [0150.873] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.873] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Platform", cchCount2=8) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Platform", cchCount2=4) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Platform", cchCount2=8) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Platform", cchCount2=4) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Platform", cchCount2=8) returned 1 [0150.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Platform", cchCount2=4) returned 1 [0150.873] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Platform\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc262a040, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0150.873] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.873] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.873] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc262a040, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.874] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.874] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.874] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc262a040, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.874] GetLastError () returned 0x12 [0150.874] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0150.874] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc262a749, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quarantine", cAlternateFileName="QUARAN~1")) returned 1 [0150.874] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.874] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Quarantine", cchCount2=8) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Quarantine", cchCount2=4) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Quarantine", cchCount2=8) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Quarantine", cchCount2=4) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Quarantine", cchCount2=8) returned 1 [0150.874] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Quarantine", cchCount2=4) returned 1 [0150.874] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Quarantine\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc262a749, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0150.875] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.875] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.875] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc262a749, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.875] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.875] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.875] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc262a749, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.875] GetLastError () returned 0x12 [0150.875] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0150.875] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26ff45d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x16ca3b2a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Scans", cAlternateFileName="")) returned 1 [0150.875] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0150.875] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0150.875] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Scans", cchCount2=4) returned 1 [0150.875] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Scans", cchCount2=4) returned 1 [0150.875] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Scans", cchCount2=4) returned 1 [0150.875] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26ff45d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x16ca3b2a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0150.879] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0150.879] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.879] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc26ff45d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x16ca3b2a, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.881] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.881] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.882] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc270158c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CleanFileTelemetry", cAlternateFileName="CLEANF~1")) returned 1 [0150.882] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.882] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanFileTelemetry", cchCount2=8) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanFileTelemetry", cchCount2=4) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanFileTelemetry", cchCount2=8) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanFileTelemetry", cchCount2=4) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanFileTelemetry", cchCount2=8) returned 1 [0150.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanFileTelemetry", cchCount2=4) returned 1 [0150.882] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\CleanFileTelemetry\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc270158c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0150.882] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0150.882] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.882] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc270158c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.883] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0150.883] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0150.883] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc270158c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0150.883] GetLastError () returned 0x12 [0150.883] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0150.883] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2703fb5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac58c824, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CleanStore", cAlternateFileName="CLEANS~1")) returned 1 [0150.883] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0150.883] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0150.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanStore", cchCount2=8) returned 1 [0150.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanStore", cchCount2=4) returned 1 [0150.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanStore", cchCount2=8) returned 1 [0150.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanStore", cchCount2=4) returned 1 [0150.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CleanStore", cchCount2=8) returned 1 [0150.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CleanStore", cchCount2=4) returned 1 [0150.884] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\CleanStore\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2703fb5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac58c824, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.103] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.103] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.103] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2703fb5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac58c824, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.103] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.103] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.103] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc278a841, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Entries", cAlternateFileName="")) returned 1 [0151.103] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.103] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Entries", cchCount2=4) returned 1 [0151.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Entries", cchCount2=4) returned 1 [0151.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Entries", cchCount2=4) returned 1 [0151.103] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\CleanStore\\Entries\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc278a841, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.104] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.104] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.104] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc278a841, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.104] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.104] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.104] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc278a841, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.105] GetLastError () returned 0x12 [0151.105] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0151.105] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283e428, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ResourceData", cAlternateFileName="RESOUR~1")) returned 1 [0151.105] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.105] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ResourceData", cchCount2=8) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ResourceData", cchCount2=4) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ResourceData", cchCount2=8) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ResourceData", cchCount2=4) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ResourceData", cchCount2=8) returned 1 [0151.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ResourceData", cchCount2=4) returned 1 [0151.105] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\CleanStore\\ResourceData\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283e428, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.107] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.107] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.107] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283e428, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.107] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.107] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.107] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283e428, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.107] GetLastError () returned 0x12 [0151.107] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0151.107] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283ed5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~2")) returned 1 [0151.107] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.107] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Resources", cchCount2=8) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Resources", cchCount2=4) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Resources", cchCount2=8) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Resources", cchCount2=4) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Resources", cchCount2=8) returned 1 [0151.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Resources", cchCount2=4) returned 1 [0151.107] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\CleanStore\\Resources\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283ed5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.108] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.108] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.108] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283ed5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.108] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.108] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.108] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283ed5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.108] GetLastError () returned 0x12 [0151.108] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0151.108] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc283ed5c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~2")) returned 0 [0151.108] GetLastError () returned 0x12 [0151.108] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.108] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28a95cf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3125c62, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0151.108] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.109] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.109] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="History", cchCount2=4) returned 1 [0151.109] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="History", cchCount2=4) returned 1 [0151.109] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="History", cchCount2=4) returned 1 [0151.109] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28a95cf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3125c62, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0151.167] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.167] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.167] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28a95cf, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3125c62, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.167] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.167] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.167] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28aa444, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1712929f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CacheManager", cAlternateFileName="CACHEM~1")) returned 1 [0151.167] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.167] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.167] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CacheManager", cchCount2=8) returned 1 [0151.167] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CacheManager", cchCount2=4) returned 1 [0151.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CacheManager", cchCount2=8) returned 1 [0151.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CacheManager", cchCount2=4) returned 1 [0151.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="CacheManager", cchCount2=8) returned 1 [0151.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="CacheManager", cchCount2=4) returned 1 [0151.168] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\CacheManager\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28aa444, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1712929f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0151.168] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.168] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.169] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28aa444, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1712929f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.169] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.169] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.169] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1712929f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc28aa444, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1712929f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.169] GetLastError () returned 0x12 [0151.169] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0151.169] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28aac86, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2dde708, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mput", cAlternateFileName="")) returned 1 [0151.169] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.169] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.169] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Mput", cchCount2=4) returned 1 [0151.169] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Mput", cchCount2=4) returned 1 [0151.169] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Mput", cchCount2=4) returned 1 [0151.169] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28aac86, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2dde708, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.170] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.170] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.170] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28aac86, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2dde708, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.170] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.170] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.170] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28ab6dc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3040e3a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MputHistory", cAlternateFileName="MPUTHI~1")) returned 1 [0151.170] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.170] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MputHistory", cchCount2=8) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MputHistory", cchCount2=4) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MputHistory", cchCount2=8) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MputHistory", cchCount2=4) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MputHistory", cchCount2=8) returned 1 [0151.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MputHistory", cchCount2=4) returned 1 [0151.170] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\*", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28ab6dc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3040e3a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.174] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e6a0 | out: lpLocalFileTime=0x19e6a0) returned 1 [0151.174] FileTimeToDosDateTime (in: lpFileTime=0x19e6a0, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.174] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28ab6dc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3040e3a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.174] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.174] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.174] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2900a03, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="00", cAlternateFileName="")) returned 1 [0151.174] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.174] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.175] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\00\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2900a03, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.177] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.177] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.177] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2900a03, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.178] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.178] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.178] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="192", cAlternateFileName="")) returned 1 [0151.178] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.178] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.178] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="192", cAlternateFileName="")) returned 0 [0151.178] GetLastError () returned 0x12 [0151.178] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.178] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc290171f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e0495b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="01", cAlternateFileName="")) returned 1 [0151.178] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.178] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.179] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\01\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc290171f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e0495b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0151.182] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.182] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.182] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc290171f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e0495b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.182] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.182] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.182] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="271", cAlternateFileName="")) returned 1 [0151.182] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.182] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.185] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="271", cAlternateFileName="")) returned 0 [0151.185] GetLastError () returned 0x12 [0151.185] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0151.185] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2951aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="02", cAlternateFileName="")) returned 1 [0151.186] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.186] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.186] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\02\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2951aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d6a8 [0151.191] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.191] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.191] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2951aa5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.191] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.191] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.192] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109004", cAlternateFileName="")) returned 1 [0151.192] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.192] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.192] FindNextFileW (in: hFindFile=0x94d6a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109004", cAlternateFileName="")) returned 0 [0151.192] GetLastError () returned 0x12 [0151.192] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0151.192] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295215e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="04", cAlternateFileName="")) returned 1 [0151.193] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.193] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.193] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\04\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295215e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d8a8 [0151.193] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.193] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.193] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295215e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.193] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.193] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.193] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109005", cAlternateFileName="")) returned 1 [0151.193] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.193] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.193] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="259", cAlternateFileName="")) returned 1 [0151.193] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.194] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.194] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="259", cAlternateFileName="")) returned 0 [0151.194] GetLastError () returned 0x12 [0151.194] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0151.194] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295291b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e9d2d1, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="05", cAlternateFileName="")) returned 1 [0151.194] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.194] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.194] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\05\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295291b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e9d2d1, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.194] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.194] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.194] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc295291b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2e9d2d1, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.195] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.195] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.195] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="191", cAlternateFileName="")) returned 1 [0151.195] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.195] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.195] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="191", cAlternateFileName="")) returned 0 [0151.195] GetLastError () returned 0x12 [0151.195] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.195] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2952f6f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="09", cAlternateFileName="")) returned 1 [0151.195] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.195] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.195] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\09\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2952f6f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.195] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.195] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.195] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2952f6f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.196] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.196] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.196] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="287", cAlternateFileName="")) returned 1 [0151.196] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.196] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.196] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="287", cAlternateFileName="")) returned 0 [0151.196] GetLastError () returned 0x12 [0151.196] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.196] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29537a2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10", cAlternateFileName="")) returned 1 [0151.196] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.196] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.196] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\10\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29537a2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0151.196] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.196] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.196] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29537a2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2ec3520, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.197] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.197] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.197] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="267", cAlternateFileName="")) returned 1 [0151.197] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.197] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.197] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="286", cAlternateFileName="")) returned 1 [0151.197] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.197] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.197] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="286", cAlternateFileName="")) returned 0 [0151.197] GetLastError () returned 0x12 [0151.197] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0151.197] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29540e7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="11", cAlternateFileName="")) returned 1 [0151.197] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.197] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.197] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\11\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29540e7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.201] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.201] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.201] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29540e7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.201] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.201] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.201] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29540e7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 0 [0151.201] GetLastError () returned 0x12 [0151.201] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0151.201] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2954efa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="12", cAlternateFileName="")) returned 1 [0151.201] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.201] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.201] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\12\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2954efa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.204] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.204] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.204] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2954efa, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.205] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.205] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.205] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="194", cAlternateFileName="")) returned 1 [0151.205] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.205] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.205] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="194", cAlternateFileName="")) returned 0 [0151.205] GetLastError () returned 0x12 [0151.205] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.205] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955681, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f5be9a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="15", cAlternateFileName="")) returned 1 [0151.205] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.205] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.205] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\15\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955681, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f5be9a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.206] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.206] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.206] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955681, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f5be9a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.206] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.206] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.206] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="196", cAlternateFileName="")) returned 1 [0151.206] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.206] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.206] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="262", cAlternateFileName="")) returned 1 [0151.206] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.206] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.206] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="262", cAlternateFileName="")) returned 0 [0151.206] GetLastError () returned 0x12 [0151.207] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.207] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955eb4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="17", cAlternateFileName="")) returned 1 [0151.207] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.207] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.207] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\17\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955eb4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0151.208] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.208] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.208] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2955eb4, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.209] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.209] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.209] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109001", cAlternateFileName="")) returned 1 [0151.209] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.209] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.209] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="193", cAlternateFileName="")) returned 1 [0151.209] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.209] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.209] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="193", cAlternateFileName="")) returned 0 [0151.209] GetLastError () returned 0x12 [0151.209] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0151.210] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f82233, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="18", cAlternateFileName="")) returned 1 [0151.210] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.210] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.210] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\18\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f82233, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d8a8 [0151.210] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.210] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.210] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956545, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb2f82233, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.210] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.210] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.210] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109002", cAlternateFileName="")) returned 1 [0151.210] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.211] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.211] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="195", cAlternateFileName="")) returned 1 [0151.211] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.211] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.211] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="195", cAlternateFileName="")) returned 0 [0151.211] GetLastError () returned 0x12 [0151.211] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0151.211] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956d56, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="19", cAlternateFileName="")) returned 1 [0151.211] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.211] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.211] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\19\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956d56, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0151.212] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.212] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.212] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2956d56, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.212] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.212] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.212] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="266", cAlternateFileName="")) returned 1 [0151.212] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.212] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.212] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="272", cAlternateFileName="")) returned 1 [0151.212] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.212] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.212] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="328", cAlternateFileName="")) returned 1 [0151.213] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.213] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.213] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="328", cAlternateFileName="")) returned 0 [0151.213] GetLastError () returned 0x12 [0151.213] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0151.213] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29575a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="21", cAlternateFileName="")) returned 1 [0151.213] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.213] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.213] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\21\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29575a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.214] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.214] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.214] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc29575a5, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa22bde00, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.214] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.214] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.214] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="260", cAlternateFileName="")) returned 1 [0151.214] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.214] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.214] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa22bde00, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa22bde00, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="260", cAlternateFileName="")) returned 0 [0151.214] GetLastError () returned 0x12 [0151.214] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.214] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2957eed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="22", cAlternateFileName="")) returned 1 [0151.214] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.214] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.215] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Mput\\MputHistory\\22\\*", lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2957eed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.216] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3ec | out: lpLocalFileTime=0x19e3ec) returned 1 [0151.216] FileTimeToDosDateTime (in: lpFileTime=0x19e3ec, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.216] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2957eed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="..", cAlternateFileName="")) returned 1 [0151.216] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.216] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.216] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109003", cAlternateFileName="")) returned 1 [0151.217] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.217] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.217] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109006", cAlternateFileName="")) returned 1 [0151.217] FileTimeToLocalFileTime (in: lpFileTime=0x19e478, lpLocalFileTime=0x19e3e8 | out: lpLocalFileTime=0x19e3e8) returned 1 [0151.217] FileTimeToDosDateTime (in: lpFileTime=0x19e3e8, lpFatDate=0x19e446, lpFatTime=0x19e444 | out: lpFatDate=0x19e446, lpFatTime=0x19e444) returned 1 [0151.217] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e464 | out: lpFindFileData=0x19e464*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xa2297c25, ftLastAccessTime.dwHighDateTime=0x1d1a04f, ftLastWriteTime.dwLowDateTime=0x356bdc8f, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x88, dwReserved0=0xfffffc80, dwReserved1=0x5c0079, cFileName="109006", cAlternateFileName="")) returned 0 [0151.217] GetLastError () returned 0x12 [0151.217] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0151.217] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc2957eed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xa2297c25, ftLastWriteTime.dwHighDateTime=0x1d1a04f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="22", cAlternateFileName="")) returned 0 [0151.217] GetLastError () returned 0x12 [0151.217] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0151.217] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa2297c25, ftCreationTime.dwHighDateTime=0x1d1a04f, ftLastAccessTime.dwLowDateTime=0xc28ab6dc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3040e3a, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MputHistory", cAlternateFileName="MPUTHI~1")) returned 0 [0151.218] GetLastError () returned 0x12 [0151.218] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.218] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2958c27, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RemCheck", cAlternateFileName="")) returned 1 [0151.218] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.218] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="RemCheck", cchCount2=8) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RemCheck", cchCount2=4) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="RemCheck", cchCount2=8) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RemCheck", cchCount2=4) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="RemCheck", cchCount2=8) returned 1 [0151.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RemCheck", cchCount2=4) returned 1 [0151.218] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\RemCheck\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2958c27, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.219] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.219] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.219] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2958c27, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.219] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.219] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.219] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2958c27, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.219] GetLastError () returned 0x12 [0151.219] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.219] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d8813, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Results", cAlternateFileName="")) returned 1 [0151.219] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.219] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Results", cchCount2=4) returned 1 [0151.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Results", cchCount2=4) returned 1 [0151.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Results", cchCount2=4) returned 1 [0151.220] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Results\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d8813, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.220] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.221] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.221] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d8813, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.221] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.221] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.221] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d8813, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.221] GetLastError () returned 0x12 [0151.221] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.360] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1717573f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d9954, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1717573f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Service", cAlternateFileName="")) returned 1 [0151.360] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.360] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.360] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Service", cchCount2=4) returned 1 [0151.360] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Service", cchCount2=4) returned 1 [0151.361] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Service", cchCount2=4) returned 1 [0151.361] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Service\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1717573f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d9954, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1717573f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.739] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.739] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.739] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1717573f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d9954, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1717573f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.739] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.739] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.739] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1717573f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29d9954, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1717573f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.739] GetLastError () returned 0x12 [0151.739] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.759] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29da6f8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 1 [0151.759] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.759] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Store", cchCount2=4) returned 1 [0151.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Store", cchCount2=4) returned 1 [0151.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Store", cchCount2=4) returned 1 [0151.760] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\History\\Store\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29da6f8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0151.761] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.761] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.761] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29da6f8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.761] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.761] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.761] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29da6f8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.761] GetLastError () returned 0x12 [0151.761] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0151.762] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29da6f8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fad6a80, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Store", cAlternateFileName="")) returned 0 [0151.762] GetLastError () returned 0x12 [0151.762] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0151.762] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29db382, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaStore", cAlternateFileName="METAST~1")) returned 1 [0151.762] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.762] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MetaStore", cchCount2=8) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MetaStore", cchCount2=4) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MetaStore", cchCount2=8) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MetaStore", cchCount2=4) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="MetaStore", cchCount2=8) returned 1 [0151.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MetaStore", cchCount2=4) returned 1 [0151.762] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29db382, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.763] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.763] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.763] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29db382, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.763] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.764] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.764] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dbfd0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1", cAlternateFileName="")) returned 1 [0151.764] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.764] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.764] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\1\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dbfd0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.764] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.764] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.764] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dbfd0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.764] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.764] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.764] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dbfd0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.764] GetLastError () returned 0x12 [0151.764] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0151.764] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dc87e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2", cAlternateFileName="")) returned 1 [0151.764] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.764] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.764] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\2\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dc87e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.765] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.765] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.765] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc29dc87e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xb3198210, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.765] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.765] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.765] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a331af, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="94", cAlternateFileName="")) returned 1 [0151.765] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.765] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.765] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\2\\94\\*", lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a331af, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x740053, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0151.766] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e6a0 | out: lpLocalFileTime=0x19e6a0) returned 1 [0151.766] FileTimeToDosDateTime (in: lpFileTime=0x19e6a0, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.766] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a331af, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x740053, cFileName="..", cAlternateFileName="")) returned 1 [0151.766] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.766] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.766] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7710f5c8, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x13d9, dwReserved0=0x610074, dwReserved1=0x740053, cFileName="A75BFDE52F3DD8E6.dat", cAlternateFileName="A75BFD~1.DAT")) returned 1 [0151.767] FileTimeToLocalFileTime (in: lpFileTime=0x19e72c, lpLocalFileTime=0x19e69c | out: lpLocalFileTime=0x19e69c) returned 1 [0151.767] FileTimeToDosDateTime (in: lpFileTime=0x19e69c, lpFatDate=0x19e6fa, lpFatTime=0x19e6f8 | out: lpFatDate=0x19e6fa, lpFatTime=0x19e6f8) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=8) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=4) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=8) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=4) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=8) returned 1 [0151.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="A75BFDE52F3DD8E6.dat", cchCount2=4) returned 1 [0151.767] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19e718 | out: lpFindFileData=0x19e718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7710f5c8, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x13d9, dwReserved0=0x610074, dwReserved1=0x740053, cFileName="A75BFDE52F3DD8E6.dat", cAlternateFileName="A75BFD~1.DAT")) returned 0 [0151.767] GetLastError () returned 0x12 [0151.767] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0151.767] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fdfe49b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a331af, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x7710f5c8, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="94", cAlternateFileName="")) returned 0 [0151.767] GetLastError () returned 0x12 [0151.767] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0151.767] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a3432b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3", cAlternateFileName="")) returned 1 [0151.768] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.768] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.768] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\3\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a3432b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0151.768] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.768] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.768] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a3432b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.768] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.768] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.768] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37aacd1b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a3432b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.768] GetLastError () returned 0x12 [0151.768] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0151.768] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a352ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4", cAlternateFileName="")) returned 1 [0151.769] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.769] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.769] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\MetaStore\\4\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a352ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.769] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.769] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.769] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a352ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.769] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.769] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.769] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a352ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffa7f, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.769] GetLastError () returned 0x12 [0151.769] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0151.769] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37ad2f56, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a352ee, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x37ad2f56, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4", cAlternateFileName="")) returned 0 [0151.769] GetLastError () returned 0x12 [0151.769] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.770] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fab0876, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x2fab0876, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x37aacd1b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xa2ac97, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin", cAlternateFileName="")) returned 1 [0151.770] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.770] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.770] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3797bae0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3797bae0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x379ee1a9, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x18ea5e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.5B", cAlternateFileName="")) returned 1 [0151.770] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.770] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.770] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37149d8d, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x37149d8d, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3754fb0e, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x6a1ab6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.67", cAlternateFileName="")) returned 1 [0151.770] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.770] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.770] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0x37575d5f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x37575d5f, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3771965f, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x3b14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.79", cAlternateFileName="")) returned 1 [0151.770] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.770] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.770] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0x3771965f, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3771965f, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3773f8ba, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x529000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7C", cAlternateFileName="")) returned 1 [0151.771] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.771] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.771] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37765b02, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x37765b02, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x37765b02, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x3cff18, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.7E", cAlternateFileName="")) returned 1 [0151.771] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.771] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.771] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x378e31c3, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x378e31c3, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3790940e, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xcfdc43, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.80", cAlternateFileName="")) returned 1 [0151.771] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.771] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.771] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0x3795589b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3795589b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3795589b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x1d7f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.83", cAlternateFileName="")) returned 1 [0151.771] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.771] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.772] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3792f650, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3792f650, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3792f650, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x1a3a61, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.87", cAlternateFileName="")) returned 1 [0151.772] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.772] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.772] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3795589b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3795589b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3795589b, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x358f2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.A0", cAlternateFileName="")) returned 1 [0151.772] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.772] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.772] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3797bae0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3797bae0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3797bae0, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x5fff9, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CB", cAlternateFileName="")) returned 1 [0151.772] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.772] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.772] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3797bae0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x3797bae0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x3797bae0, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x441a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-3B2FA0352F7866F295FE76520C4D8AC0F30337F5.bin.CC", cAlternateFileName="")) returned 1 [0151.772] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.772] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.773] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccf915d5, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xccf915d5, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd1ce7a3f, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0xa2ac97, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin", cAlternateFileName="MPCACH~1.BIN")) returned 1 [0151.773] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.773] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.773] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18e1ad1, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd18e1ad1, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd1bb677b, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x18ea5e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.5B", cAlternateFileName="MPCACH~1.5B")) returned 1 [0151.773] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.773] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.773] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1206ea7, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd1206ea7, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd154e258, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x6a1ab6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.67", cAlternateFileName="MPCACH~1.67")) returned 1 [0151.773] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.773] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.773] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0xd159a713, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd159a713, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd16592ea, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x3b14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.79", cAlternateFileName="MPCACH~1.79")) returned 1 [0151.773] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.773] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.774] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0xd167f527, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd167f527, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd167f527, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x529000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7C", cAlternateFileName="MPCACH~1.7C")) returned 1 [0151.774] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.774] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.774] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd16cb9d7, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd16cb9d7, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd16cb9d7, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x3cff18, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.7E", cAlternateFileName="MPCACH~1.7E")) returned 1 [0151.774] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.774] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.774] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1822efb, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd1822efb, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd186f3c1, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0xcfdc43, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.80", cAlternateFileName="MPCACH~1.80")) returned 1 [0151.774] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.774] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.774] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x820, ftCreationTime.dwLowDateTime=0xd18bb86e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd18bb86e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd18bb86e, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x1d7f38, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.83", cAlternateFileName="MPCACH~1.83")) returned 1 [0151.774] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.774] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.775] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1895623, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd1895623, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd1895623, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x1a3a61, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.87", cAlternateFileName="MPCACH~1.87")) returned 1 [0151.775] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.775] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.775] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18bb86e, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd18bb86e, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd18bb86e, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x358f2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.A0", cAlternateFileName="MPCACH~1.A0")) returned 1 [0151.775] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.775] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.775] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18e1ad1, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd18e1ad1, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd18e1ad1, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x5fff9, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CB", cAlternateFileName="MPCACH~1.CB")) returned 1 [0151.775] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.775] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.775] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd18e1ad1, ftCreationTime.dwHighDateTime=0x1d1a04e, ftLastAccessTime.dwLowDateTime=0xd18e1ad1, ftLastAccessTime.dwHighDateTime=0x1d1a04e, ftLastWriteTime.dwLowDateTime=0xd18e1ad1, ftLastWriteTime.dwHighDateTime=0x1d1a04e, nFileSizeHigh=0x0, nFileSizeLow=0x441a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpcache-CC7537BD57F4E352D7CDEA5852D447A507E0F749.bin.CC", cAlternateFileName="MPCACH~1.CC")) returned 1 [0151.775] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.775] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.776] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a35fb0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac709f73, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RtSigs", cAlternateFileName="")) returned 1 [0151.776] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.776] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.776] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RtSigs", cchCount2=4) returned 1 [0151.776] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RtSigs", cchCount2=4) returned 1 [0151.776] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="RtSigs", cchCount2=4) returned 1 [0151.776] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\RtSigs\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a35fb0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac709f73, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0151.777] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.777] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.777] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a35fb0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac709f73, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.777] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.777] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.777] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fafccda, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a8e638, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fafccda, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0151.777] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.777] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Data", cchCount2=4) returned 1 [0151.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Data", cchCount2=4) returned 1 [0151.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Data", cchCount2=4) returned 1 [0151.777] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Scans\\RtSigs\\Data\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fafccda, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a8e638, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fafccda, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0151.778] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.778] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.779] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fafccda, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a8e638, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fafccda, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.779] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.779] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.779] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fafccda, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a8e638, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fafccda, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.779] GetLastError () returned 0x12 [0151.779] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0151.779] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fafccda, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a8e638, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x2fafccda, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 0 [0151.779] GetLastError () returned 0x12 [0151.779] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0151.779] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2fad6a80, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc2a35fb0, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xac709f73, ftLastWriteTime.dwHighDateTime=0x1d32720, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RtSigs", cAlternateFileName="")) returned 0 [0151.779] GetLastError () returned 0x12 [0151.779] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0151.780] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc0597ac7, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc0597ac7, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 1 [0151.780] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.780] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0151.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0151.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Support", cchCount2=4) returned 1 [0151.780] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender\\Support\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc0597ac7, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc0597ac7, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0151.780] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0151.780] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.780] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc0597ac7, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc0597ac7, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.780] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.780] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.780] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc0597ac7, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc0597ac7, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.781] GetLastError () returned 0x12 [0151.781] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0151.781] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc0597ac7, ftLastAccessTime.dwHighDateTime=0x1d327d0, ftLastWriteTime.dwLowDateTime=0xc0597ac7, ftLastWriteTime.dwHighDateTime=0x1d327d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Support", cAlternateFileName="")) returned 0 [0151.781] GetLastError () returned 0x12 [0151.781] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0151.781] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a90a48, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender Advanced Threat Protection", cAlternateFileName="WIF4A9~1")) returned 1 [0151.781] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0151.781] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender Advanced Threat Protection", cchCount2=8) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender Advanced Threat Protection", cchCount2=4) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender Advanced Threat Protection", cchCount2=8) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender Advanced Threat Protection", cchCount2=4) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Defender Advanced Threat Protection", cchCount2=8) returned 1 [0151.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Defender Advanced Threat Protection", cchCount2=4) returned 1 [0151.782] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender Advanced Threat Protection\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a90a48, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0151.783] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0151.783] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.783] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a90a48, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.783] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.783] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.783] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a9166d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0151.783] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.783] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Cache", cchCount2=4) returned 1 [0151.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Cache", cchCount2=4) returned 1 [0151.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Cache", cchCount2=4) returned 1 [0151.783] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender Advanced Threat Protection\\Cache\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x19effc, ftCreationTime.dwHighDateTime=0x773051f4, ftLastAccessTime.dwLowDateTime=0x24eb20c, ftLastAccessTime.dwHighDateTime=0x77304f40, ftLastWriteTime.dwLowDateTime=0x77305218, ftLastWriteTime.dwHighDateTime=0x4, nFileSizeHigh=0x4, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="缠\x91", cAlternateFileName="唬OᤸV놴Ɏ")) returned 0xffffffff [0151.784] GetLastError () returned 0x5 [0151.784] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a91ebd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0151.784] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.784] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0151.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0151.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Temp", cchCount2=4) returned 1 [0151.784] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Defender Advanced Threat Protection\\Temp\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a91ebd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.785] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0151.785] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.785] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a91ebd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.785] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.785] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.785] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a91ebd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.785] GetLastError () returned 0x12 [0151.785] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.785] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe6d9d2c8, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2a91ebd, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xe6d9d2c8, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0151.786] GetLastError () returned 0x12 [0151.786] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0151.786] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a928fc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~2")) returned 1 [0151.786] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0151.786] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Live", cchCount2=8) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Live", cchCount2=4) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Live", cchCount2=8) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Live", cchCount2=4) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Live", cchCount2=8) returned 1 [0151.786] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Live", cchCount2=4) returned 1 [0151.786] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Live\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a928fc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.788] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0151.788] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a928fc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.788] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.788] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a996721, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5f69dfa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5f69dfa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1231, dwReserved0=0x0, dwReserved1=0x0, cFileName="WLive48x48.png", cAlternateFileName="WLIVE4~1.PNG")) returned 1 [0151.788] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.788] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WLive48x48.png", cchCount2=8) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WLive48x48.png", cchCount2=4) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WLive48x48.png", cchCount2=8) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WLive48x48.png", cchCount2=4) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WLive48x48.png", cchCount2=8) returned 1 [0151.788] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WLive48x48.png", cchCount2=4) returned 1 [0151.788] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a996721, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc5f69dfa, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0xc5f69dfa, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x1231, dwReserved0=0x0, dwReserved1=0x0, cFileName="WLive48x48.png", cAlternateFileName="WLIVE4~1.PNG")) returned 0 [0151.789] GetLastError () returned 0x12 [0151.789] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0151.789] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a93496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WINDOW~3")) returned 1 [0151.789] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0151.789] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows NT", cchCount2=8) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows NT", cchCount2=4) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows NT", cchCount2=8) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows NT", cchCount2=4) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows NT", cchCount2=8) returned 1 [0151.789] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows NT", cchCount2=4) returned 1 [0151.789] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a93496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0151.790] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0151.790] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2a93496, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.790] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.790] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.790] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb2396478, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2396478, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSFax", cAlternateFileName="")) returned 1 [0151.790] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0151.790] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0151.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSFax", cchCount2=4) returned 1 [0151.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSFax", cchCount2=4) returned 1 [0151.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSFax", cchCount2=4) returned 1 [0151.790] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb2396478, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2396478, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0151.804] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0151.804] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.805] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb2396478, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xb2396478, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.805] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.805] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.805] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b08c11, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActivityLog", cAlternateFileName="ACTIVI~1")) returned 1 [0151.805] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.805] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.805] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivityLog", cchCount2=8) returned 1 [0151.805] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivityLog", cchCount2=4) returned 1 [0151.805] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivityLog", cchCount2=8) returned 1 [0151.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivityLog", cchCount2=4) returned 1 [0151.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="ActivityLog", cchCount2=8) returned 1 [0151.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="ActivityLog", cchCount2=4) returned 1 [0151.806] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\ActivityLog\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b08c11, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.807] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.807] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.807] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b08c11, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.807] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.807] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.807] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b08c11, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0151.807] GetLastError () returned 0x12 [0151.807] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0151.807] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0960f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Coverpages", cAlternateFileName="COMMON~1")) returned 1 [0151.807] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0151.807] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0151.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Common Coverpages", cchCount2=8) returned 1 [0151.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Common Coverpages", cchCount2=4) returned 1 [0151.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Common Coverpages", cchCount2=8) returned 1 [0151.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Common Coverpages", cchCount2=4) returned 1 [0151.807] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Common Coverpages", cchCount2=8) returned 1 [0151.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Common Coverpages", cchCount2=4) returned 1 [0151.808] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0960f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0151.839] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0151.839] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.839] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0960f, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.839] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.839] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.839] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd313219, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xc2b0a072, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0151.839] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0151.839] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0151.839] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0151.840] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0151.840] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0151.840] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Common Coverpages\\en-US\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd313219, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xc2b0a072, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0151.840] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0151.840] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.840] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd313219, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xc2b0a072, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.840] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.840] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.840] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4c607, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x28aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="confident.cov", cAlternateFileName="")) returned 1 [0151.840] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.841] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.864] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4c607, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x2a09, dwReserved0=0x0, dwReserved1=0x0, cFileName="fyi.cov", cAlternateFileName="")) returned 1 [0151.864] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.864] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.865] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4c607, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x3aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="generic.cov", cAlternateFileName="")) returned 1 [0151.865] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.865] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.865] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4c607, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x0, dwReserved1=0x0, cFileName="urgent.cov", cAlternateFileName="")) returned 1 [0151.865] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0151.865] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0151.865] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af4c607, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x2886, dwReserved0=0x0, dwReserved1=0x0, cFileName="urgent.cov", cAlternateFileName="")) returned 0 [0151.865] GetLastError () returned 0x12 [0151.865] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.185] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd313219, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xc2b0a072, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0152.185] GetLastError () returned 0x12 [0152.185] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.185] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0ac24, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Inbox", cAlternateFileName="")) returned 1 [0152.185] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.185] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Inbox", cchCount2=4) returned 1 [0152.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Inbox", cchCount2=4) returned 1 [0152.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Inbox", cchCount2=4) returned 1 [0152.185] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Inbox\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0ac24, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.214] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.214] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.214] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0ac24, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.214] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.214] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.214] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0ac24, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.214] GetLastError () returned 0x12 [0152.214] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.214] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0b3ba, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Queue", cAlternateFileName="")) returned 1 [0152.215] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.215] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue", cchCount2=4) returned 1 [0152.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue", cchCount2=4) returned 1 [0152.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue", cchCount2=4) returned 1 [0152.215] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0b3ba, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.216] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.216] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.216] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0b3ba, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.216] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.216] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.216] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0b3ba, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.217] GetLastError () returned 0x12 [0152.217] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.217] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0bae7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Queue_Migrated", cAlternateFileName="")) returned 1 [0152.217] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.217] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Queue_Migrated", cchCount2=8) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue_Migrated", cchCount2=4) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Queue_Migrated", cchCount2=8) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue_Migrated", cchCount2=4) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Queue_Migrated", cchCount2=8) returned 1 [0152.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Queue_Migrated", cchCount2=4) returned 1 [0152.217] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\Queue_Migrated\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0bae7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.219] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.219] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.219] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0bae7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.219] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.219] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.219] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0bae7, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.219] GetLastError () returned 0x12 [0152.219] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.219] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0c408, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SentItems", cAlternateFileName="SENTIT~1")) returned 1 [0152.220] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.220] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SentItems", cchCount2=8) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SentItems", cchCount2=4) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SentItems", cchCount2=8) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SentItems", cchCount2=4) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="SentItems", cchCount2=8) returned 1 [0152.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="SentItems", cchCount2=4) returned 1 [0152.220] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\SentItems\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0c408, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.220] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.220] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.221] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0c408, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.221] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.221] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.221] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc2b0c408, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.221] GetLastError () returned 0x12 [0152.221] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.221] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ccc3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 1 [0152.221] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.221] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="VirtualInbox", cchCount2=8) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="VirtualInbox", cchCount2=4) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="VirtualInbox", cchCount2=8) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="VirtualInbox", cchCount2=4) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="VirtualInbox", cchCount2=8) returned 1 [0152.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="VirtualInbox", cchCount2=4) returned 1 [0152.221] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ccc3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0152.222] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.222] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.222] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ccc3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.222] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.222] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.222] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2b0d815, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0152.222] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.222] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0152.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0152.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="en-US", cchCount2=4) returned 1 [0152.222] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSFax\\VirtualInbox\\en-US\\*", lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2b0d815, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.223] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e954 | out: lpLocalFileTime=0x19e954) returned 1 [0152.223] FileTimeToDosDateTime (in: lpFileTime=0x19e954, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0152.223] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2b0d815, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.223] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0152.223] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0152.223] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af00150, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 1 [0152.223] FileTimeToLocalFileTime (in: lpFileTime=0x19e9e0, lpLocalFileTime=0x19e950 | out: lpLocalFileTime=0x19e950) returned 1 [0152.223] FileTimeToDosDateTime (in: lpFileTime=0x19e950, lpFatDate=0x19e9ae, lpFatTime=0x19e9ac | out: lpFatDate=0x19e9ae, lpFatTime=0x19e9ac) returned 1 [0152.223] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19e9cc | out: lpFindFileData=0x19e9cc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af00150, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0x7d5f3279, ftLastAccessTime.dwHighDateTime=0x1d2a058, ftLastWriteTime.dwLowDateTime=0x43ba1000, ftLastWriteTime.dwHighDateTime=0x1d283cc, nFileSizeHigh=0x0, nFileSizeLow=0x15dbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="WelcomeFax.tif", cAlternateFileName="")) returned 0 [0152.223] GetLastError () returned 0x12 [0152.224] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.224] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8b2a1d79, ftCreationTime.dwHighDateTime=0x1d2a058, ftLastAccessTime.dwLowDateTime=0xc2b0d815, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0152.224] GetLastError () returned 0x12 [0152.224] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.224] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ccc3, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x8b2a1d79, ftLastWriteTime.dwHighDateTime=0x1d2a058, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualInbox", cAlternateFileName="VIRTUA~1")) returned 0 [0152.224] GetLastError () returned 0x12 [0152.224] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.225] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0e356, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSScan", cAlternateFileName="")) returned 1 [0152.225] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.225] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.225] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSScan", cchCount2=4) returned 1 [0152.225] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSScan", cchCount2=4) returned 1 [0152.225] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="MSScan", cchCount2=4) returned 1 [0152.225] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0e356, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0152.225] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.225] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.225] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0e356, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.225] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.226] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.226] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d027e99, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x9d027e99, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x9d04e0f0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x0, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 1 [0152.226] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.226] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WelcomeScan.jpg", cchCount2=8) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WelcomeScan.jpg", cchCount2=4) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WelcomeScan.jpg", cchCount2=8) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WelcomeScan.jpg", cchCount2=4) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WelcomeScan.jpg", cchCount2=8) returned 1 [0152.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WelcomeScan.jpg", cchCount2=4) returned 1 [0152.226] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d027e99, ftCreationTime.dwHighDateTime=0x1d2a02a, ftLastAccessTime.dwLowDateTime=0x9d027e99, ftLastAccessTime.dwHighDateTime=0x1d2a02a, ftLastWriteTime.dwLowDateTime=0x9d04e0f0, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x7e148, dwReserved0=0x0, dwReserved1=0x0, cFileName="WelcomeScan.jpg", cAlternateFileName="")) returned 0 [0152.226] GetLastError () returned 0x12 [0152.226] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.226] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0e356, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x1a996721, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSScan", cAlternateFileName="")) returned 0 [0152.226] GetLastError () returned 0x12 [0152.226] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.227] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ef6b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Security Health", cAlternateFileName="WINDOW~4")) returned 1 [0152.227] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.227] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Security Health", cchCount2=8) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Security Health", cchCount2=4) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Security Health", cchCount2=8) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Security Health", cchCount2=4) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Windows Security Health", cchCount2=8) returned 1 [0152.227] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Windows Security Health", cchCount2=4) returned 1 [0152.227] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Security Health\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ef6b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0152.228] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.228] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.228] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0ef6b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.228] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.228] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.228] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0fb9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Health Advisor", cAlternateFileName="HEALTH~1")) returned 1 [0152.228] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.228] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Health Advisor", cchCount2=8) returned 1 [0152.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Health Advisor", cchCount2=4) returned 1 [0152.229] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Health Advisor", cchCount2=8) returned 1 [0152.229] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Health Advisor", cchCount2=4) returned 1 [0152.229] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Health Advisor", cchCount2=8) returned 1 [0152.229] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Health Advisor", cchCount2=4) returned 1 [0152.229] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Security Health\\Health Advisor\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0fb9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.229] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.229] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.229] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0fb9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.229] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.229] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.230] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2b0fb9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.230] GetLastError () returned 0x12 [0152.230] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.230] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb47d9b3e, ftLastAccessTime.dwHighDateTime=0x1d5f12a, ftLastWriteTime.dwLowDateTime=0xb47d9b3e, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0152.230] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.230] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Logs", cchCount2=4) returned 1 [0152.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Logs", cchCount2=4) returned 1 [0152.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Logs", cchCount2=4) returned 1 [0152.230] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows Security Health\\Logs\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb47d9b3e, ftLastAccessTime.dwHighDateTime=0x1d5f12a, ftLastWriteTime.dwLowDateTime=0xb47d9b3e, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.252] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.252] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.252] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb47d9b3e, ftLastAccessTime.dwHighDateTime=0x1d5f12a, ftLastWriteTime.dwLowDateTime=0xb47d9b3e, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.254] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.254] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.254] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bbd978f, ftCreationTime.dwHighDateTime=0x1d38c3f, ftLastAccessTime.dwLowDateTime=0x7bbd978f, ftLastAccessTime.dwHighDateTime=0x1d38c3f, ftLastWriteTime.dwLowDateTime=0x8d13fad9, ftLastWriteTime.dwHighDateTime=0x1d38c3f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01132018-082401-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-01~1.BIN")) returned 1 [0152.254] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.254] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.254] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29ac15be, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0x29ac15be, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0x25d26abc, ftLastWriteTime.dwHighDateTime=0x1d38c44, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01132018-085021-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-01~2.BIN")) returned 1 [0152.254] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.254] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.254] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb863810c, ftCreationTime.dwHighDateTime=0x1d4ae7b, ftLastAccessTime.dwLowDateTime=0xb863810c, ftLastAccessTime.dwHighDateTime=0x1d4ae7b, ftLastWriteTime.dwLowDateTime=0x5a744dc7, ftLastWriteTime.dwHighDateTime=0x1d4ae7c, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01172019-164549-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-01~3.BIN")) returned 1 [0152.255] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.255] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.255] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x910999b0, ftCreationTime.dwHighDateTime=0x1d5d805, ftLastAccessTime.dwLowDateTime=0x910999b0, ftLastAccessTime.dwHighDateTime=0x1d5d805, ftLastWriteTime.dwLowDateTime=0x583b1b7e, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-081049-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-01~4.BIN")) returned 1 [0152.255] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.255] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.288] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8dd1d361, ftCreationTime.dwHighDateTime=0x1d5d806, ftLastAccessTime.dwLowDateTime=0x8dd1d361, ftLastAccessTime.dwHighDateTime=0x1d5d806, ftLastWriteTime.dwLowDateTime=0xd355e53a, ftLastWriteTime.dwHighDateTime=0x1d5d806, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-081753-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHFEAC~1.BIN")) returned 1 [0152.288] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.288] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.289] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x656a5b08, ftCreationTime.dwHighDateTime=0x1d5d80b, ftLastAccessTime.dwLowDateTime=0x656a5b08, ftLastAccessTime.dwHighDateTime=0x1d5d80b, ftLastWriteTime.dwLowDateTime=0x909cf223, ftLastWriteTime.dwHighDateTime=0x1d5d80d, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-085233-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH1574~1.BIN")) returned 1 [0152.289] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.289] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.289] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ab118, ftCreationTime.dwHighDateTime=0x1d5d80e, ftLastAccessTime.dwLowDateTime=0x4f6ab118, ftLastAccessTime.dwHighDateTime=0x1d5d80e, ftLastWriteTime.dwLowDateTime=0x57764536, ftLastWriteTime.dwHighDateTime=0x1d5d80f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-091325-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHFCC9~1.BIN")) returned 1 [0152.289] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.289] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.289] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa767a579, ftCreationTime.dwHighDateTime=0x1d5d80f, ftLastAccessTime.dwLowDateTime=0xa767a579, ftLastAccessTime.dwHighDateTime=0x1d5d80f, ftLastWriteTime.dwLowDateTime=0x53135016, ftLastWriteTime.dwHighDateTime=0x1d5d811, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-092302-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH33AC~1.BIN")) returned 1 [0152.289] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.289] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.289] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29cb790a, ftCreationTime.dwHighDateTime=0x1d5d815, ftLastAccessTime.dwLowDateTime=0x29cb790a, ftLastAccessTime.dwHighDateTime=0x1d5d815, ftLastWriteTime.dwLowDateTime=0xd36fe848, ftLastWriteTime.dwHighDateTime=0x1d5d815, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-01312020-100228-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHEC6E~1.BIN")) returned 1 [0152.289] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.289] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.290] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf94c6396, ftCreationTime.dwHighDateTime=0x1d39f5a, ftLastAccessTime.dwLowDateTime=0xf94c6396, ftLastAccessTime.dwHighDateTime=0x1d39f5a, ftLastWriteTime.dwLowDateTime=0x54c48137, ftLastWriteTime.dwHighDateTime=0x1d39f5b, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02062018-155840-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-02~1.BIN")) returned 1 [0152.290] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.290] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.290] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb28f34a3, ftCreationTime.dwHighDateTime=0x1d39f5c, ftLastAccessTime.dwLowDateTime=0xb28f34a3, ftLastAccessTime.dwHighDateTime=0x1d39f5c, ftLastWriteTime.dwLowDateTime=0xdd1442c1, ftLastWriteTime.dwHighDateTime=0x1d39f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02062018-161100-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-02~2.BIN")) returned 1 [0152.290] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.290] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.290] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xee7ecabd, ftCreationTime.dwHighDateTime=0x1d39f5e, ftLastAccessTime.dwLowDateTime=0xee7ecabd, ftLastAccessTime.dwHighDateTime=0x1d39f5e, ftLastWriteTime.dwLowDateTime=0x5e457d19, ftLastWriteTime.dwHighDateTime=0x1d39f5f, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02062018-162700-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-02~3.BIN")) returned 1 [0152.290] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.290] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.290] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f3c86b, ftCreationTime.dwHighDateTime=0x1d5e7c1, ftLastAccessTime.dwLowDateTime=0x9f3c86b, ftLastAccessTime.dwHighDateTime=0x1d5e7c1, ftLastWriteTime.dwLowDateTime=0x69eb9cea, ftLastWriteTime.dwHighDateTime=0x1d5e7c1, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02202020-084035-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH9BCA~1.BIN")) returned 1 [0152.290] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.290] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.291] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x67bdaf2c, ftCreationTime.dwHighDateTime=0x1d5e7c2, ftLastAccessTime.dwLowDateTime=0x67bdaf2c, ftLastAccessTime.dwHighDateTime=0x1d5e7c2, ftLastWriteTime.dwLowDateTime=0xd57afacc, ftLastWriteTime.dwHighDateTime=0x1d5e7c2, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02202020-085022-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH856E~1.BIN")) returned 1 [0152.291] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.291] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.291] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7a075c31, ftCreationTime.dwHighDateTime=0x1d3aafb, ftLastAccessTime.dwLowDateTime=0x7a075c31, ftLastAccessTime.dwHighDateTime=0x1d3aafb, ftLastWriteTime.dwLowDateTime=0x32313161, ftLastWriteTime.dwHighDateTime=0x1d3aafc, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02212018-110518-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-02~4.BIN")) returned 1 [0152.291] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.291] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.291] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d869209, ftCreationTime.dwHighDateTime=0x1d5e877, ftLastAccessTime.dwLowDateTime=0x3d869209, ftLastAccessTime.dwHighDateTime=0x1d5e877, ftLastWriteTime.dwLowDateTime=0x6d72d3cf, ftLastWriteTime.dwHighDateTime=0x1d5e877, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-02212020-062450-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH6034~1.BIN")) returned 1 [0152.291] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.291] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.291] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xb47d9b3e, ftCreationTime.dwHighDateTime=0x1d5f12a, ftLastAccessTime.dwLowDateTime=0xb47d9b3e, ftLastAccessTime.dwHighDateTime=0x1d5f12a, ftLastWriteTime.dwLowDateTime=0xb47d9b3e, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-03032020-080939-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-03~3.BIN")) returned 1 [0152.292] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.292] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.292] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19a4d06c, ftCreationTime.dwHighDateTime=0x1d4d5d0, ftLastAccessTime.dwLowDateTime=0x19a4d06c, ftLastAccessTime.dwHighDateTime=0x1d4d5d0, ftLastWriteTime.dwLowDateTime=0x37122ed1, ftLastWriteTime.dwHighDateTime=0x1d4d5d0, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-03082019-175806-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-03~1.BIN")) returned 1 [0152.293] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.293] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.293] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xcadfed41, ftCreationTime.dwHighDateTime=0x1d4d5d2, ftLastAccessTime.dwLowDateTime=0xcadfed41, ftLastAccessTime.dwHighDateTime=0x1d4d5d2, ftLastWriteTime.dwLowDateTime=0xac415a8e, ftLastWriteTime.dwHighDateTime=0x1d4d5d3, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-03082019-181722-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-03~2.BIN")) returned 1 [0152.293] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.293] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.294] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6e95e484, ftCreationTime.dwHighDateTime=0x1d41dc3, ftLastAccessTime.dwLowDateTime=0x6e95e484, ftLastAccessTime.dwHighDateTime=0x1d41dc3, ftLastWriteTime.dwLowDateTime=0x6da4c73e, ftLastWriteTime.dwHighDateTime=0x1d41dc4, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-07172018-134351-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-07~2.BIN")) returned 1 [0152.294] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.294] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.294] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc3f8b81, ftCreationTime.dwHighDateTime=0x1d41dc5, ftLastAccessTime.dwLowDateTime=0xc3f8b81, ftLastAccessTime.dwHighDateTime=0x1d41dc5, ftLastWriteTime.dwLowDateTime=0x23c2da14, ftLastWriteTime.dwHighDateTime=0x1d41dc5, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-07172018-135525-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-07~1.BIN")) returned 1 [0152.294] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.294] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.294] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c78932, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x88c78932, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x7b55a971, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09062017-205414-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-09~1.BIN")) returned 1 [0152.294] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.294] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.294] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9095a9c2, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x9095a9c2, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x5a28d98a, ftLastWriteTime.dwHighDateTime=0x1d327b4, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09062017-210137-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-09~2.BIN")) returned 1 [0152.294] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.295] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.295] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64211155, ftCreationTime.dwHighDateTime=0x1d327b4, ftLastAccessTime.dwLowDateTime=0x64211155, ftLastAccessTime.dwHighDateTime=0x1d327b4, ftLastWriteTime.dwLowDateTime=0xfd42c56a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09072017-103625-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-09~3.BIN")) returned 1 [0152.295] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.295] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.295] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65faa03, ftCreationTime.dwHighDateTime=0x1d327be, ftLastAccessTime.dwLowDateTime=0x65faa03, ftLastAccessTime.dwHighDateTime=0x1d327be, ftLastWriteTime.dwLowDateTime=0x8f6c25b7, ftLastWriteTime.dwHighDateTime=0x1d327cb, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09072017-114522-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-09~4.BIN")) returned 1 [0152.295] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.295] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.295] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x98d63d64, ftCreationTime.dwHighDateTime=0x1d327cb, ftLastAccessTime.dwLowDateTime=0x98d63d64, ftLastAccessTime.dwHighDateTime=0x1d327cb, ftLastWriteTime.dwLowDateTime=0xffed8d7a, ftLastWriteTime.dwHighDateTime=0x1d327ec, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09072017-132231-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH3B08~1.BIN")) returned 1 [0152.295] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.295] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.296] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xd5f7bb1, ftCreationTime.dwHighDateTime=0x1d327ed, ftLastAccessTime.dwLowDateTime=0xd5f7bb1, ftLastAccessTime.dwHighDateTime=0x1d327ed, ftLastWriteTime.dwLowDateTime=0xd5f7bb1, ftLastWriteTime.dwHighDateTime=0x1d327ed, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09072017-172200-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH7EFA~1.BIN")) returned 1 [0152.296] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.296] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.296] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361892b, ftCreationTime.dwHighDateTime=0x1d336c5, ftLastAccessTime.dwLowDateTime=0x8361892b, ftLastAccessTime.dwHighDateTime=0x1d336c5, ftLastWriteTime.dwLowDateTime=0x1e89ead9, ftLastWriteTime.dwHighDateTime=0x1d336e0, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09262017-144646-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHFD17~1.BIN")) returned 1 [0152.296] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.296] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.296] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x291e9ee7, ftCreationTime.dwHighDateTime=0x1d336e0, ftLastAccessTime.dwLowDateTime=0x291e9ee7, ftLastAccessTime.dwHighDateTime=0x1d336e0, ftLastWriteTime.dwLowDateTime=0xbc53e837, ftLastWriteTime.dwHighDateTime=0x1d33839, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-09262017-175731-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SH8EDE~1.BIN")) returned 1 [0152.296] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.296] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.296] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa53a1f04, ftCreationTime.dwHighDateTime=0x1d461f2, ftLastAccessTime.dwLowDateTime=0xa53a1f04, ftLastAccessTime.dwHighDateTime=0x1d461f2, ftLastWriteTime.dwLowDateTime=0xc1465998, ftLastWriteTime.dwHighDateTime=0x1d461f2, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-10122018-081308-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-10~2.BIN")) returned 1 [0152.296] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.296] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.297] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x24b95208, ftCreationTime.dwHighDateTime=0x1d461fa, ftLastAccessTime.dwLowDateTime=0x24b95208, ftLastAccessTime.dwHighDateTime=0x1d461fa, ftLastWriteTime.dwLowDateTime=0x41cd2745, ftLastWriteTime.dwHighDateTime=0x1d461fa, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-10122018-090648-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-10~3.BIN")) returned 1 [0152.297] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.297] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.297] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8d5846d, ftCreationTime.dwHighDateTime=0x1d34734, ftLastAccessTime.dwLowDateTime=0xb8d5846d, ftLastAccessTime.dwHighDateTime=0x1d34734, ftLastWriteTime.dwLowDateTime=0xcd7cd567, ftLastWriteTime.dwHighDateTime=0x1d34734, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-10172017-124308-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-10~1.BIN")) returned 1 [0152.297] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.297] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.297] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e427524, ftCreationTime.dwHighDateTime=0x1d47c27, ftLastAccessTime.dwLowDateTime=0x4e427524, ftLastAccessTime.dwHighDateTime=0x1d47c27, ftLastWriteTime.dwLowDateTime=0x76bc81c5, ftLastWriteTime.dwHighDateTime=0x1d47c27, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11142018-153535-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-11~3.BIN")) returned 1 [0152.297] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.297] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.297] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x41355b6d, ftCreationTime.dwHighDateTime=0x1d47c31, ftLastAccessTime.dwLowDateTime=0x41355b6d, ftLastAccessTime.dwHighDateTime=0x1d47c31, ftLastWriteTime.dwLowDateTime=0x7313b7f3, ftLastWriteTime.dwHighDateTime=0x1d47c33, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11142018-164648-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-11~4.BIN")) returned 1 [0152.298] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.298] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.298] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc44ebf9e, ftCreationTime.dwHighDateTime=0x1d47c33, ftLastAccessTime.dwLowDateTime=0xc44ebf9e, ftLastAccessTime.dwHighDateTime=0x1d47c33, ftLastWriteTime.dwLowDateTime=0xf7186f57, ftLastWriteTime.dwHighDateTime=0x1d47c36, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11142018-170447-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHFCB7~1.BIN")) returned 1 [0152.298] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.298] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.298] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x444f8b5f, ftCreationTime.dwHighDateTime=0x1d35e02, ftLastAccessTime.dwLowDateTime=0x444f8b5f, ftLastAccessTime.dwHighDateTime=0x1d35e02, ftLastWriteTime.dwLowDateTime=0x57b398d2, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11152017-120955-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-11~1.BIN")) returned 1 [0152.298] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.298] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.298] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69870cf2, ftCreationTime.dwHighDateTime=0x1d35e03, ftLastAccessTime.dwLowDateTime=0x69870cf2, ftLastAccessTime.dwHighDateTime=0x1d35e03, ftLastWriteTime.dwLowDateTime=0x13731c69, ftLastWriteTime.dwHighDateTime=0x1d35e04, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11152017-121807-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-11~2.BIN")) returned 1 [0152.298] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.299] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.299] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69870cf2, ftCreationTime.dwHighDateTime=0x1d35e03, ftLastAccessTime.dwLowDateTime=0x69870cf2, ftLastAccessTime.dwHighDateTime=0x1d35e03, ftLastWriteTime.dwLowDateTime=0x13731c69, ftLastWriteTime.dwHighDateTime=0x1d35e04, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="SHS-11152017-121807-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin", cAlternateFileName="SHS-11~2.BIN")) returned 0 [0152.299] GetLastError () returned 0x12 [0152.299] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.300] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xb47d9b3e, ftLastAccessTime.dwHighDateTime=0x1d5f12a, ftLastWriteTime.dwLowDateTime=0xb47d9b3e, ftLastWriteTime.dwHighDateTime=0x1d5f12a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 0 [0152.300] GetLastError () returned 0x12 [0152.300] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0152.300] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbef9a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMSIPC", cAlternateFileName="")) returned 1 [0152.300] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.300] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WinMSIPC", cchCount2=8) returned 1 [0152.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WinMSIPC", cchCount2=4) returned 1 [0152.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WinMSIPC", cchCount2=8) returned 1 [0152.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WinMSIPC", cchCount2=4) returned 1 [0152.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="WinMSIPC", cchCount2=8) returned 1 [0152.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WinMSIPC", cchCount2=4) returned 1 [0152.301] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WinMSIPC\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbef9a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0152.306] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.306] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.306] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbef9a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.306] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.306] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.306] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbfa22, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 1 [0152.306] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.306] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.306] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Server", cchCount2=4) returned 1 [0152.306] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Server", cchCount2=4) returned 1 [0152.306] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Server", cchCount2=4) returned 1 [0152.306] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WinMSIPC\\Server\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbfa22, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d668 [0152.307] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.307] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.307] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbfa22, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.307] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.307] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.307] FindNextFileW (in: hFindFile=0x94d668, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbfa22, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.307] GetLastError () returned 0x12 [0152.307] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0152.307] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cbfa22, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Server", cAlternateFileName="")) returned 0 [0152.308] GetLastError () returned 0x12 [0152.308] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.308] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc002d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 1 [0152.308] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.308] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WwanSvc", cchCount2=4) returned 1 [0152.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WwanSvc", cchCount2=4) returned 1 [0152.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="WwanSvc", cchCount2=4) returned 1 [0152.308] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc002d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.308] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.309] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.309] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc002d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.309] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.309] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.309] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc0928, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DMProfiles", cAlternateFileName="DMPROF~1")) returned 1 [0152.309] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.309] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DMProfiles", cchCount2=8) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DMProfiles", cchCount2=4) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DMProfiles", cchCount2=8) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DMProfiles", cchCount2=4) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="DMProfiles", cchCount2=8) returned 1 [0152.309] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="DMProfiles", cchCount2=4) returned 1 [0152.309] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\DMProfiles\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc0928, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0152.310] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.310] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.310] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc0928, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.310] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.310] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.310] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc0928, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.310] GetLastError () returned 0x12 [0152.310] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.310] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc1154, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0152.310] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.310] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Profiles", cchCount2=8) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Profiles", cchCount2=4) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Profiles", cchCount2=8) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Profiles", cchCount2=4) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Profiles", cchCount2=8) returned 1 [0152.311] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Profiles", cchCount2=4) returned 1 [0152.311] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\WwanSvc\\Profiles\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc1154, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.311] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.312] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.312] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc1154, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.312] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.312] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.312] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc1154, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0152.312] GetLastError () returned 0x12 [0152.312] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.312] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc1154, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 0 [0152.312] GetLastError () returned 0x12 [0152.312] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.312] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x17d079d0, ftCreationTime.dwHighDateTime=0x1d2a02b, ftLastAccessTime.dwLowDateTime=0xc2cc002d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x17d079d0, ftLastWriteTime.dwHighDateTime=0x1d2a02b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WwanSvc", cAlternateFileName="")) returned 0 [0152.313] GetLastError () returned 0x12 [0152.313] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.313] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3ecd6462, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x3ecd6462, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0152.313] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0152.313] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft OneDrive", cchCount2=8) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft OneDrive", cchCount2=4) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft OneDrive", cchCount2=8) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft OneDrive", cchCount2=4) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Microsoft OneDrive", cchCount2=8) returned 1 [0152.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Microsoft OneDrive", cchCount2=4) returned 1 [0152.313] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3ecd6462, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x3ecd6462, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0152.316] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0152.316] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.316] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0x3ecd6462, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x3ecd6462, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.316] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.316] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.316] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 1 [0152.316] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.316] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="setup", cchCount2=4) returned 1 [0152.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="setup", cchCount2=4) returned 1 [0152.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="setup", cchCount2=4) returned 1 [0152.316] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft OneDrive\\setup\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.317] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.317] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.317] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.317] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.317] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.317] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe877edbb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="refcount.ini", cAlternateFileName="")) returned 1 [0152.317] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.317] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.317] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe877edbb, ftCreationTime.dwHighDateTime=0x1d38c43, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="refcount.ini", cAlternateFileName="")) returned 0 [0152.317] GetLastError () returned 0x12 [0152.317] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.317] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3ecd6462, ftCreationTime.dwHighDateTime=0x1d32744, ftLastAccessTime.dwLowDateTime=0xe877edbb, ftLastAccessTime.dwHighDateTime=0x1d38c43, ftLastWriteTime.dwLowDateTime=0xe877edbb, ftLastWriteTime.dwHighDateTime=0x1d38c43, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup", cAlternateFileName="")) returned 0 [0152.318] GetLastError () returned 0x12 [0152.319] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.319] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa2d56a03, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa2d56a03, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0152.319] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0152.320] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0152.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Oracle", cchCount2=4) returned 1 [0152.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Oracle", cchCount2=4) returned 1 [0152.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Oracle", cchCount2=4) returned 1 [0152.320] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa2d56a03, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa2d56a03, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0152.320] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0152.320] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.320] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa2d56a03, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa2d56a03, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.321] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.321] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.321] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad14ee36, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xad14ee36, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0152.321] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.321] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.321] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0152.321] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0152.321] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Java", cchCount2=4) returned 1 [0152.321] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\Java\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad14ee36, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xad14ee36, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.322] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.323] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.323] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad14ee36, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xad14ee36, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.323] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.323] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.323] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xad14ee36, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xc2d63c47, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xad19b2ee, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".oracle_jre_usage", cAlternateFileName="ORACLE~1")) returned 1 [0152.323] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.323] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2=".oracle_jre_usage", cchCount2=8) returned 3 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2=".oracle_jre_usage", cchCount2=4) returned 3 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2=".oracle_jre_usage", cchCount2=8) returned 3 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2=".oracle_jre_usage", cchCount2=4) returned 3 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2=".oracle_jre_usage", cchCount2=8) returned 3 [0152.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2=".oracle_jre_usage", cchCount2=4) returned 3 [0152.323] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\Java\\.oracle_jre_usage\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xad14ee36, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xc2d63c47, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xad19b2ee, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d3a8 [0152.325] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.325] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.325] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xad14ee36, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xc2d63c47, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xad19b2ee, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.325] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.325] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.325] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad19b2ee, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad19b2ee, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0x70ca10d9, ftLastWriteTime.dwHighDateTime=0x1d35e02, nFileSizeHigh=0x0, nFileSizeLow=0x33, dwReserved0=0x0, dwReserved1=0x0, cFileName="17dfc292991c7c46.timestamp", cAlternateFileName="17DFC2~1.TIM")) returned 1 [0152.325] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.325] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.325] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad19b2ee, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad19b2ee, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0x70ca10d9, ftLastWriteTime.dwHighDateTime=0x1d35e02, nFileSizeHigh=0x0, nFileSizeLow=0x33, dwReserved0=0x0, dwReserved1=0x0, cFileName="17dfc292991c7c46.timestamp", cAlternateFileName="17DFC2~1.TIM")) returned 0 [0152.326] GetLastError () returned 0x12 [0152.326] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.326] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d7cc62, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8d35a5d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8d35a5d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="installcache_x64", cAlternateFileName="INSTAL~1")) returned 1 [0152.326] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.326] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="installcache_x64", cchCount2=8) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="installcache_x64", cchCount2=4) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="installcache_x64", cchCount2=8) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="installcache_x64", cchCount2=4) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="installcache_x64", cchCount2=8) returned 1 [0152.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="installcache_x64", cchCount2=4) returned 1 [0152.326] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\Java\\installcache_x64\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d7cc62, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8d35a5d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8d35a5d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0152.327] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.327] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.327] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d7cc62, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa8d35a5d, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa8d35a5d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.327] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.327] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.327] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa33265df, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa33265df, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa315c98a, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4eba475, dwReserved0=0x0, dwReserved1=0x0, cFileName="baseimagefam8", cAlternateFileName="BASEIM~1")) returned 1 [0152.327] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.327] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.327] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa33265df, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xa33265df, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa315c98a, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4eba475, dwReserved0=0x0, dwReserved1=0x0, cFileName="baseimagefam8", cAlternateFileName="BASEIM~1")) returned 0 [0152.327] GetLastError () returned 0x12 [0152.328] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.328] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2410, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="javapath", cAlternateFileName="")) returned 1 [0152.328] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.328] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath", cchCount2=8) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath", cchCount2=4) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath", cchCount2=8) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath", cchCount2=4) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath", cchCount2=8) returned 1 [0152.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath", cchCount2=4) returned 1 [0152.328] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\Java\\javapath\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.328] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.329] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.329] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.329] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.329] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.329] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="java.exe", cAlternateFileName="")) returned 1 [0152.329] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.329] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.329] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaw.exe", cAlternateFileName="")) returned 1 [0152.329] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.329] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.329] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e040, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaws.exe", cAlternateFileName="")) returned 1 [0152.329] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.329] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.329] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e040, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaws.exe", cAlternateFileName="")) returned 0 [0152.329] GetLastError () returned 0x12 [0152.330] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.330] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="javapath_target_474984", cAlternateFileName="JAVAPA~1")) returned 1 [0152.330] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.330] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath_target_474984", cchCount2=8) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath_target_474984", cchCount2=4) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath_target_474984", cchCount2=8) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath_target_474984", cchCount2=4) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="javapath_target_474984", cchCount2=8) returned 1 [0152.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="javapath_target_474984", cchCount2=4) returned 1 [0152.330] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Oracle\\Java\\javapath_target_474984\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0152.330] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.330] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.331] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.331] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.331] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.331] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa7453105, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="java.exe", cAlternateFileName="")) returned 1 [0152.331] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.331] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.331] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x32840, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaw.exe", cAlternateFileName="")) returned 1 [0152.331] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.331] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.331] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e040, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaws.exe", cAlternateFileName="")) returned 1 [0152.331] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.331] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.332] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xa747934d, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x4e040, dwReserved0=0x0, dwReserved1=0x0, cFileName="javaws.exe", cAlternateFileName="")) returned 0 [0152.332] GetLastError () returned 0x12 [0152.332] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0152.332] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xac5d590c, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xac5d590c, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xac5d590c, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="javapath_target_474984", cAlternateFileName="JAVAPA~1")) returned 0 [0152.332] GetLastError () returned 0x12 [0152.332] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.332] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa2d56a03, ftCreationTime.dwHighDateTime=0x1d327cc, ftLastAccessTime.dwLowDateTime=0xad14ee36, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xad14ee36, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0152.332] GetLastError () returned 0x12 [0152.333] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0152.333] FindNextFileW (in: hFindFile=0x94d1a8, lpFindFileData=0x19f750 | out: lpFindFileData=0x19f750*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdefc9a0c, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdefc9a0c, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0152.333] FileTimeToLocalFileTime (in: lpFileTime=0x19f764, lpLocalFileTime=0x19f6d4 | out: lpLocalFileTime=0x19f6d4) returned 1 [0152.333] FileTimeToDosDateTime (in: lpFileTime=0x19f6d4, lpFatDate=0x19f732, lpFatTime=0x19f730 | out: lpFatDate=0x19f732, lpFatTime=0x19f730) returned 1 [0152.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Package Cache", cchCount2=8) returned 1 [0152.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Package Cache", cchCount2=4) returned 1 [0152.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Package Cache", cchCount2=8) returned 1 [0152.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Package Cache", cchCount2=4) returned 1 [0152.409] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="Package Cache", cchCount2=8) returned 1 [0152.410] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="Package Cache", cchCount2=4) returned 1 [0152.410] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdefc9a0c, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdefc9a0c, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d4a8 [0152.413] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0152.413] FileTimeToDosDateTime (in: lpFileTime=0x19f424, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.413] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdefc9a0c, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdefc9a0c, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.413] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.413] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.413] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd26065d8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e0f451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0152.413] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.413] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=8) returned 1 [0152.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=4) returned 1 [0152.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=8) returned 1 [0152.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=4) returned 1 [0152.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=8) returned 1 [0152.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount2=4) returned 1 [0152.414] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd26065d8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e0f451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.415] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.415] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.415] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd26065d8, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e0f451, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.415] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.415] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.415] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e72597, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.416] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.416] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.416] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e72597, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0152.417] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.418] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.418] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e72597, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.418] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.418] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.418] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e73631, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd2652a95, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0152.418] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.418] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.418] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e73631, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd2652a95, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.419] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.419] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.419] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e73631, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd2652a95, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.419] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.419] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.419] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5eefa500, ftCreationTime.dwHighDateTime=0x1cf3e16, ftLastAccessTime.dwLowDateTime=0x5eefa500, ftLastAccessTime.dwHighDateTime=0x1cf3e16, ftLastWriteTime.dwLowDateTime=0x5eefa500, ftLastWriteTime.dwHighDateTime=0x1cf3e16, nFileSizeHigh=0x0, nFileSizeLow=0xf36be, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.419] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.419] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.419] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5eefa500, ftCreationTime.dwHighDateTime=0x1cf3e16, ftLastAccessTime.dwLowDateTime=0x5eefa500, ftLastAccessTime.dwHighDateTime=0x1cf3e16, ftLastWriteTime.dwLowDateTime=0x5eefa500, ftLastWriteTime.dwHighDateTime=0x1cf3e16, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.419] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.419] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.419] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5eefa500, ftCreationTime.dwHighDateTime=0x1cf3e16, ftLastAccessTime.dwLowDateTime=0x5eefa500, ftLastAccessTime.dwHighDateTime=0x1cf3e16, ftLastWriteTime.dwLowDateTime=0x5eefa500, ftLastWriteTime.dwHighDateTime=0x1cf3e16, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.419] GetLastError () returned 0x12 [0152.419] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.420] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e73631, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd2652a95, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0152.420] GetLastError () returned 0x12 [0152.420] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.420] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd262c839, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e72597, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd262c839, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.420] GetLastError () returned 0x12 [0152.420] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.420] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e7475e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf03b3d5, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0152.420] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.420] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=8) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=4) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=8) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=4) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=8) returned 1 [0152.420] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount2=4) returned 1 [0152.421] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e7475e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf03b3d5, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0152.421] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.421] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.421] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e7475e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf03b3d5, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.421] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.421] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.421] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xcf03b3d5, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0x354d9570, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x272, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0152.421] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.421] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.421] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xcf03b3d5, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xcef30371, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0152.421] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.422] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.422] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf03b3d5, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xcf03b3d5, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xcef30371, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x6f428, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x86.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0152.422] GetLastError () returned 0x12 [0152.422] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0152.422] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e75aa9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0152.422] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.422] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=8) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=4) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=8) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=4) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=8) returned 1 [0152.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount2=4) returned 1 [0152.422] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e75aa9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.427] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.427] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.427] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2e75aa9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.427] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.427] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.427] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebdead, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.427] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.427] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.429] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebdead, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d6e8 [0152.430] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.430] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.430] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebdead, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.430] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.430] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.430] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebe532, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b33e03, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0152.430] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.430] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.430] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebe532, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b33e03, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0152.431] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.431] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.431] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebe532, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b33e03, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.431] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.431] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.431] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb69f0b00, ftCreationTime.dwHighDateTime=0x1ced51c, ftLastAccessTime.dwLowDateTime=0xb69f0b00, ftLastAccessTime.dwHighDateTime=0x1ced51c, ftLastWriteTime.dwLowDateTime=0xb69f0b00, ftLastWriteTime.dwHighDateTime=0x1ced51c, nFileSizeHigh=0x0, nFileSizeLow=0x588124, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.431] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.431] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.431] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5197e500, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x5197e500, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x5197e500, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.431] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.431] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.431] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5197e500, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x5197e500, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x5197e500, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.431] GetLastError () returned 0x12 [0152.431] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.432] FindNextFileW (in: hFindFile=0x94d6e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebe532, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b33e03, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0152.432] GetLastError () returned 0x12 [0152.432] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0152.432] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b0dbb0, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebdead, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0b0dbb0, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.432] GetLastError () returned 0x12 [0152.432] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.432] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd408c921, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebeed6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd40b2b5b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0152.432] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.432] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=8) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=4) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=8) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=4) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=8) returned 1 [0152.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount2=4) returned 1 [0152.432] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd408c921, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebeed6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd40b2b5b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.433] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.433] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.433] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd408c921, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebeed6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd40b2b5b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.433] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.433] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.433] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd40b2b5b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd40b2b5b, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0x3639a1f2, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x27e, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0152.433] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.433] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.433] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd408c921, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd408c921, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xd4040448, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0152.433] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.433] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.433] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd408c921, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd408c921, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xd4040448, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x710a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0152.433] GetLastError () returned 0x12 [0152.433] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.439] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebf4ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0152.439] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.439] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=8) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=4) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=8) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=4) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=8) returned 1 [0152.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount2=4) returned 1 [0152.440] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebf4ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.441] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.441] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.441] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebf4ad, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.441] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.441] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.441] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebfbe2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.441] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.441] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.442] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebfbe2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0152.442] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.442] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.442] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebfbe2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.442] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.442] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.442] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec031b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0152.442] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.442] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_x86", cchCount2=8) returned 1 [0152.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_x86", cchCount2=4) returned 1 [0152.442] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec031b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0152.443] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.443] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.443] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec031b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.443] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.443] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.443] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf81cb00, ftCreationTime.dwHighDateTime=0x1d28867, ftLastAccessTime.dwLowDateTime=0xdf81cb00, ftLastAccessTime.dwHighDateTime=0x1d28867, ftLastWriteTime.dwLowDateTime=0xdf81cb00, ftLastWriteTime.dwHighDateTime=0x1d28867, nFileSizeHigh=0x0, nFileSizeLow=0x13babb, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.443] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.443] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.444] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93af200, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0x93af200, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0x93af200, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.444] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.444] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.444] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93af200, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0x93af200, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0x93af200, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.444] GetLastError () returned 0x12 [0152.444] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0152.444] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec031b, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0152.444] GetLastError () returned 0x12 [0152.444] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.444] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9affe46, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ebfbe2, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9affe46, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.444] GetLastError () returned 0x12 [0152.444] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.444] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec0a31, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0152.444] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.444] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=8) returned 1 [0152.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=4) returned 1 [0152.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=8) returned 1 [0152.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=4) returned 1 [0152.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=8) returned 1 [0152.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount2=4) returned 1 [0152.445] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec0a31, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d628 [0152.446] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.446] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.446] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec0a31, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.446] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.446] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.446] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec10ed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.446] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.446] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.446] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec10ed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.447] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.447] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.447] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec10ed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.447] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.447] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.447] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec173c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b4c2ed, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0152.447] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.447] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_x86", cchCount2=8) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_x86", cchCount2=4) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_x86", cchCount2=8) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_x86", cchCount2=4) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_x86", cchCount2=8) returned 1 [0152.447] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_x86", cchCount2=4) returned 1 [0152.447] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec173c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b4c2ed, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.448] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.448] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.448] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec173c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b4c2ed, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.448] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.448] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.448] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1e42500, ftCreationTime.dwHighDateTime=0x1d28867, ftLastAccessTime.dwLowDateTime=0xe1e42500, ftLastAccessTime.dwHighDateTime=0x1d28867, ftLastWriteTime.dwLowDateTime=0xe1e42500, ftLastWriteTime.dwHighDateTime=0x1d28867, nFileSizeHigh=0x0, nFileSizeLow=0x4f699e, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.448] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.448] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.448] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcce7900, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0xcce7900, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0xcce7900, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.448] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.448] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.448] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcce7900, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0xcce7900, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0xcce7900, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.448] GetLastError () returned 0x12 [0152.448] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.448] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec173c, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b4c2ed, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0152.448] GetLastError () returned 0x12 [0152.449] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.449] FindNextFileW (in: hFindFile=0x94d628, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9b26095, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2ec10ed, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd9b26095, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.449] GetLastError () returned 0x12 [0152.449] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.449] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0152.449] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.449] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=8) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=4) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=8) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=4) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=8) returned 1 [0152.449] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount2=4) returned 1 [0152.449] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0152.450] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.450] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.450] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.450] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.450] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.450] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.450] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.450] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.451] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.451] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.451] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.451] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.451] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.451] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.451] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc8267ac, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc8267ac, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0152.451] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.451] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_amd64", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_amd64", cchCount2=4) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_amd64", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_amd64", cchCount2=4) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeMinimum_amd64", cchCount2=8) returned 1 [0152.451] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeMinimum_amd64", cchCount2=4) returned 1 [0152.451] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc8267ac, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc8267ac, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d3a8 [0152.536] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.536] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.536] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc8267ac, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc8267ac, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.536] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.536] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.537] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1e42500, ftCreationTime.dwHighDateTime=0x1d28867, ftLastAccessTime.dwLowDateTime=0xe1e42500, ftLastAccessTime.dwHighDateTime=0x1d28867, ftLastWriteTime.dwLowDateTime=0xe1e42500, ftLastWriteTime.dwHighDateTime=0x1d28867, nFileSizeHigh=0x0, nFileSizeLow=0x165257, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.537] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.537] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.537] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9d4c00, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0xb9d4c00, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0xb9d4c00, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.537] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.537] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.537] FindNextFileW (in: hFindFile=0x94d3a8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9d4c00, ftCreationTime.dwHighDateTime=0x1d28868, ftLastAccessTime.dwLowDateTime=0xb9d4c00, ftLastAccessTime.dwHighDateTime=0x1d28868, ftLastWriteTime.dwLowDateTime=0xb9d4c00, ftLastWriteTime.dwHighDateTime=0x1d28868, nFileSizeHigh=0x0, nFileSizeLow=0x24000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.537] GetLastError () returned 0x12 [0152.537] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.538] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc8267ac, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc8267ac, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0152.538] GetLastError () returned 0x12 [0152.538] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.538] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc800531, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xdc800531, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xdc800531, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.538] GetLastError () returned 0x12 [0152.538] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.538] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1d0bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0152.538] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.538] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=8) returned 1 [0152.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=4) returned 1 [0152.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=8) returned 1 [0152.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=4) returned 1 [0152.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=8) returned 1 [0152.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount2=4) returned 1 [0152.539] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1d0bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0152.540] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.540] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.540] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1d0bc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.540] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.540] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.540] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1dba9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.540] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.540] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.541] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1dba9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.541] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.541] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.541] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1dba9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.541] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.541] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.541] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f759d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd41e3e2d, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0152.541] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.541] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="vcRuntimeAdditional_amd64", cchCount2=8) returned 1 [0152.542] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="vcRuntimeAdditional_amd64", cchCount2=4) returned 1 [0152.542] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\packages\\vcRuntimeAdditional_amd64\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f759d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd41e3e2d, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d368 [0152.542] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.542] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.542] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f759d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd41e3e2d, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.543] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.543] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.543] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8abe5b00, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x8abe5b00, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x8abe5b00, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0x554520, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.543] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.543] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.543] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x885c0100, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x885c0100, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x885c0100, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.543] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.543] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.543] FindNextFileW (in: hFindFile=0x94d368, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x885c0100, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x885c0100, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x885c0100, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.543] GetLastError () returned 0x12 [0152.543] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.543] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f759d9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd41e3e2d, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0152.544] GetLastError () returned 0x12 [0152.544] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.544] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd417172a, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f1dba9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.544] GetLastError () returned 0x12 [0152.544] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0152.544] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd40fefff, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f768c8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0152.544] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.544] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=8) returned 1 [0152.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=4) returned 1 [0152.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=8) returned 1 [0152.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=4) returned 1 [0152.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=8) returned 1 [0152.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount2=4) returned 1 [0152.545] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd40fefff, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f768c8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d7e8 [0152.546] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.546] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.546] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd40fefff, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f768c8, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.546] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.546] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.546] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f76e30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.546] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.546] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="packages", cchCount2=4) returned 1 [0152.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="packages", cchCount2=8) returned 1 [0152.547] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f76e30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.547] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.547] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.547] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f76e30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.547] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.547] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.547] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f7778e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0152.547] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.547] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.547] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f7778e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.548] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.548] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.548] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f7778e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.548] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.548] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.548] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x898d2e00, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x898d2e00, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x898d2e00, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0xfc90a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.548] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.548] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.548] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x885c0100, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x885c0100, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x885c0100, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.548] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.548] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.548] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x885c0100, ftCreationTime.dwHighDateTime=0x1cf3e15, ftLastAccessTime.dwLowDateTime=0x885c0100, ftLastAccessTime.dwHighDateTime=0x1cf3e15, ftLastWriteTime.dwLowDateTime=0x885c0100, ftLastWriteTime.dwHighDateTime=0x1cf3e15, nFileSizeHigh=0x0, nFileSizeLow=0x23000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.549] GetLastError () returned 0x12 [0152.549] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.549] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f7778e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd417172a, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 0 [0152.549] GetLastError () returned 0x12 [0152.549] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.549] FindNextFileW (in: hFindFile=0x94d7e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd414b4b9, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2f76e30, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd414b4b9, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.549] GetLastError () returned 0x12 [0152.549] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0152.549] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe5a20, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0152.549] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.549] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.549] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe5a20, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.551] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.551] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.551] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe5a20, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.551] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.551] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.551] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe636a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.551] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.551] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.551] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe636a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d328 [0152.551] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.551] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.551] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe636a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.552] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.552] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.552] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3030713, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf14644f, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0152.552] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.552] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.552] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3030713, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf14644f, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d728 [0152.553] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.553] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.553] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3030713, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf14644f, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.553] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.553] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.553] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98d1a600, ftCreationTime.dwHighDateTime=0x1ced51c, ftLastAccessTime.dwLowDateTime=0x98d1a600, ftLastAccessTime.dwHighDateTime=0x1ced51c, ftLastWriteTime.dwLowDateTime=0x98d1a600, ftLastWriteTime.dwHighDateTime=0x1ced51c, nFileSizeHigh=0x0, nFileSizeLow=0x4ea418, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.553] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.553] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.553] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x565c9900, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x565c9900, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x565c9900, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.553] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.553] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.553] FindNextFileW (in: hFindFile=0x94d728, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x565c9900, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x565c9900, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x565c9900, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeAdditional_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.554] GetLastError () returned 0x12 [0152.554] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0152.554] FindNextFileW (in: hFindFile=0x94d328, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3030713, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf14644f, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0152.554] GetLastError () returned 0x12 [0152.554] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.554] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0f9f9b, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc2fe636a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.554] GetLastError () returned 0x12 [0152.554] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.554] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf087898, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3032038, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0152.554] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.554] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.554] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf087898, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3032038, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d868 [0152.556] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.556] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.556] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf087898, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3032038, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.556] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.556] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.556] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033181, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.556] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.556] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.556] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033181, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d2e8 [0152.556] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.556] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.556] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033181, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.556] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.557] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.557] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033a9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0152.557] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.557] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.557] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\packages\\vcRuntimeMinimum_x86\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033a9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.557] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.557] FileTimeToDosDateTime (in: lpFileTime=0x19ec08, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.557] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033a9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.557] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.557] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.557] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x966f4c00, ftCreationTime.dwHighDateTime=0x1ced51c, ftLastAccessTime.dwLowDateTime=0x966f4c00, ftLastAccessTime.dwHighDateTime=0x1ced51c, ftLastWriteTime.dwLowDateTime=0x966f4c00, ftLastWriteTime.dwHighDateTime=0x1ced51c, nFileSizeHigh=0x0, nFileSizeLow=0xc89b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.557] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.557] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.558] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x565c9900, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x565c9900, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x565c9900, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.558] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.558] FileTimeToDosDateTime (in: lpFileTime=0x19ec04, lpFatDate=0x19ec62, lpFatTime=0x19ec60 | out: lpFatDate=0x19ec62, lpFatTime=0x19ec60) returned 1 [0152.558] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x565c9900, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x565c9900, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x565c9900, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x86.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 0 [0152.558] GetLastError () returned 0x12 [0152.558] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.558] FindNextFileW (in: hFindFile=0x94d2e8, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033a9d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0f9f9b, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0152.558] GetLastError () returned 0x12 [0152.558] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.558] FindNextFileW (in: hFindFile=0x94d868, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcf0d3d43, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3033181, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xcf0d3d43, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0152.558] GetLastError () returned 0x12 [0152.558] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0152.559] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307e4cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0a28d82, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0152.559] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.559] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.559] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307e4cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0a28d82, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.561] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.561] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.561] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307e4cc, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0a28d82, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.561] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.561] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.562] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd0a28d82, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0x359ea6b6, ftLastWriteTime.dwHighDateTime=0x1d327be, nFileSizeHigh=0x0, nFileSizeLow=0x272, dwReserved0=0x0, dwReserved1=0x0, cFileName="state.rsm", cAlternateFileName="")) returned 1 [0152.562] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.562] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.562] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd0a28d82, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xd0a02b30, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 1 [0152.562] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.562] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.562] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a28d82, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xd0a28d82, ftLastAccessTime.dwHighDateTime=0x1d327b7, ftLastWriteTime.dwLowDateTime=0xd0a02b30, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x6f398, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcredist_x64.exe", cAlternateFileName="VCREDI~1.EXE")) returned 0 [0152.562] GetLastError () returned 0x12 [0152.562] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.562] FindNextFileW (in: hFindFile=0x94d4a8, lpFindFileData=0x19f49c | out: lpFindFileData=0x19f49c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a9b495, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307f5ec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0152.562] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f420 | out: lpLocalFileTime=0x19f420) returned 1 [0152.562] FileTimeToDosDateTime (in: lpFileTime=0x19f420, lpFatDate=0x19f47e, lpFatTime=0x19f47c | out: lpFatDate=0x19f47e, lpFatTime=0x19f47c) returned 1 [0152.562] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\*", lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a9b495, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307f5ec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d8a8 [0152.564] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f170 | out: lpLocalFileTime=0x19f170) returned 1 [0152.564] FileTimeToDosDateTime (in: lpFileTime=0x19f170, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.564] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0a9b495, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc307f5ec, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.564] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.564] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.564] FindNextFileW (in: hFindFile=0x94d8a8, lpFindFileData=0x19f1e8 | out: lpFindFileData=0x19f1e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc308016e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0152.564] FileTimeToLocalFileTime (in: lpFileTime=0x19f1fc, lpLocalFileTime=0x19f16c | out: lpLocalFileTime=0x19f16c) returned 1 [0152.564] FileTimeToDosDateTime (in: lpFileTime=0x19f16c, lpFatDate=0x19f1ca, lpFatTime=0x19f1c8 | out: lpFatDate=0x19f1ca, lpFatTime=0x19f1c8) returned 1 [0152.564] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\*", lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc308016e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d168 [0152.564] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eebc | out: lpLocalFileTime=0x19eebc) returned 1 [0152.564] FileTimeToDosDateTime (in: lpFileTime=0x19eebc, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.564] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc308016e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.564] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.564] FileTimeToDosDateTime (in: lpFileTime=0x19eeb8, lpFatDate=0x19ef16, lpFatTime=0x19ef14 | out: lpFatDate=0x19ef16, lpFatTime=0x19ef14) returned 1 [0152.564] FindNextFileW (in: hFindFile=0x94d168, lpFindFileData=0x19ef34 | out: lpFindFileData=0x19ef34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3080926, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vcRuntimeMinimum_amd64", cAlternateFileName="VCRUNT~1")) returned 1 [0152.565] FileTimeToLocalFileTime (in: lpFileTime=0x19ef48, lpLocalFileTime=0x19eeb8 | out: lpLocalFileTime=0x19eeb8) returned 1 [0152.565] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\*", lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3080926, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x94d5e8 [0152.565] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec08 | out: lpLocalFileTime=0x19ec08) returned 1 [0152.565] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0ae7939, ftCreationTime.dwHighDateTime=0x1d327b7, ftLastAccessTime.dwLowDateTime=0xc3080926, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xd0ae7939, ftLastWriteTime.dwHighDateTime=0x1d327b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0152.565] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.565] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4bd6800, ftCreationTime.dwHighDateTime=0x1ced51c, ftLastAccessTime.dwLowDateTime=0xa4bd6800, ftLastAccessTime.dwHighDateTime=0x1ced51c, ftLastWriteTime.dwLowDateTime=0xa4bd6800, ftLastWriteTime.dwHighDateTime=0x1ced51c, nFileSizeHigh=0x0, nFileSizeLow=0xc5b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0152.565] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.565] FindNextFileW (in: hFindFile=0x94d5e8, lpFindFileData=0x19ec80 | out: lpFindFileData=0x19ec80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x683e3c00, ftCreationTime.dwHighDateTime=0x1ced51d, ftLastAccessTime.dwLowDateTime=0x683e3c00, ftLastAccessTime.dwHighDateTime=0x1ced51d, ftLastWriteTime.dwLowDateTime=0x683e3c00, ftLastWriteTime.dwHighDateTime=0x1ced51d, nFileSizeHigh=0x0, nFileSizeLow=0x25000, dwReserved0=0x0, dwReserved1=0x0, cFileName="vc_runtimeMinimum_x64.msi", cAlternateFileName="VC_RUN~1.MSI")) returned 1 [0152.565] FileTimeToLocalFileTime (in: lpFileTime=0x19ec94, lpLocalFileTime=0x19ec04 | out: lpLocalFileTime=0x19ec04) returned 1 [0152.567] GetLastError () returned 0x12 [0152.567] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.567] GetLastError () returned 0x12 [0152.567] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.567] GetLastError () returned 0x12 [0152.567] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0152.573] GetLastError () returned 0x12 [0152.573] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0152.573] GetLastError () returned 0x12 [0152.573] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0152.574] GetLastError () returned 0x12 [0152.574] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.574] GetLastError () returned 0x12 [0152.574] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.575] GetLastError () returned 0x12 [0152.575] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.575] GetLastError () returned 0x12 [0152.575] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0152.577] GetLastError () returned 0x12 [0152.577] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.577] GetLastError () returned 0x12 [0152.577] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0152.577] GetLastError () returned 0x12 [0152.577] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.577] GetLastError () returned 0x12 [0152.577] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.678] FileTimeToLocalFileTime (in: lpFileTime=0x19f4b0, lpLocalFileTime=0x19f424 | out: lpLocalFileTime=0x19f424) returned 1 [0152.678] GetLastError () returned 0x12 [0152.678] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.679] GetLastError () returned 0x12 [0152.679] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.680] GetLastError () returned 0x5 [0152.680] GetLastError () returned 0x5 [0152.681] GetLastError () returned 0x12 [0152.681] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0152.681] GetLastError () returned 0x12 [0152.681] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.690] GetLastError () returned 0x12 [0152.690] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.690] GetLastError () returned 0x12 [0152.690] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.691] GetLastError () returned 0x12 [0152.691] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.691] GetLastError () returned 0x12 [0152.691] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0152.691] GetLastError () returned 0x12 [0152.691] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0152.794] GetLastError () returned 0x5 [0152.795] GetLastError () returned 0x5 [0152.817] GetLastError () returned 0x12 [0152.817] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0152.817] GetLastError () returned 0x12 [0152.817] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.819] GetLastError () returned 0x12 [0152.819] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.820] GetLastError () returned 0x12 [0152.820] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.820] GetLastError () returned 0x12 [0152.820] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0152.820] GetLastError () returned 0x12 [0152.820] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.826] GetLastError () returned 0x12 [0152.826] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0152.827] GetLastError () returned 0x12 [0152.827] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0152.827] GetLastError () returned 0x5 [0152.828] GetLastError () returned 0x12 [0152.828] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0152.845] GetLastError () returned 0x12 [0152.845] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.851] GetLastError () returned 0x12 [0152.851] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0152.853] GetLastError () returned 0x12 [0152.853] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0152.853] GetLastError () returned 0x12 [0152.853] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.854] GetLastError () returned 0x12 [0152.854] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.854] GetLastError () returned 0x12 [0152.855] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0152.858] GetLastError () returned 0x12 [0152.859] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.859] GetLastError () returned 0x12 [0152.859] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0152.859] GetLastError () returned 0x12 [0152.859] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0152.860] GetLastError () returned 0x5 [0152.860] GetLastError () returned 0x12 [0152.860] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.861] GetLastError () returned 0x12 [0152.861] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0152.861] GetLastError () returned 0x12 [0152.861] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.863] GetLastError () returned 0x12 [0152.863] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0152.863] GetLastError () returned 0x12 [0152.863] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0152.863] GetLastError () returned 0x12 [0152.863] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0152.863] GetLastError () returned 0x12 [0152.863] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.875] GetLastError () returned 0x12 [0152.876] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0152.876] GetLastError () returned 0x12 [0152.876] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0152.876] GetLastError () returned 0x12 [0152.876] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0152.897] GetLastError () returned 0x12 [0152.897] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0152.902] GetLastError () returned 0x12 [0152.902] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0153.011] GetLastError () returned 0x12 [0153.011] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.011] GetLastError () returned 0x12 [0153.011] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0153.012] GetLastError () returned 0x12 [0153.012] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.012] GetLastError () returned 0x12 [0153.012] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0153.016] GetLastError () returned 0x12 [0153.016] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.022] GetLastError () returned 0x12 [0153.022] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0153.023] GetLastError () returned 0x12 [0153.023] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0153.024] GetLastError () returned 0x12 [0153.024] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.024] GetLastError () returned 0x12 [0153.024] FindClose (in: hFindFile=0x94d368 | out: hFindFile=0x94d368) returned 1 [0153.024] GetLastError () returned 0x12 [0153.024] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.024] GetLastError () returned 0x12 [0153.024] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0153.025] GetLastError () returned 0x12 [0153.025] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0153.025] GetLastError () returned 0x12 [0153.025] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.025] GetLastError () returned 0x5 [0153.025] GetLastError () returned 0x5 [0153.026] GetLastError () returned 0x12 [0153.026] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.031] GetLastError () returned 0x5 [0153.031] GetLastError () returned 0x5 [0153.031] GetLastError () returned 0x5 [0153.031] GetLastError () returned 0x12 [0153.031] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.033] GetLastError () returned 0x12 [0153.033] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0153.034] GetLastError () returned 0x12 [0153.034] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.035] GetLastError () returned 0x12 [0153.035] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.035] GetLastError () returned 0x5 [0153.036] GetLastError () returned 0x12 [0153.036] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.036] GetLastError () returned 0x5 [0153.036] GetLastError () returned 0x5 [0153.039] GetLastError () returned 0x12 [0153.039] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0153.039] GetLastError () returned 0x5 [0153.040] GetLastError () returned 0x5 [0153.040] GetLastError () returned 0x12 [0153.040] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.040] GetLastError () returned 0x5 [0153.040] GetLastError () returned 0x5 [0153.040] GetLastError () returned 0x5 [0153.040] GetLastError () returned 0x12 [0153.040] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0153.041] GetLastError () returned 0x12 [0153.041] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.041] GetLastError () returned 0x5 [0153.150] GetLastError () returned 0x5 [0153.150] GetLastError () returned 0x12 [0153.150] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.152] GetLastError () returned 0x12 [0153.152] FindClose (in: hFindFile=0x94d5e8 | out: hFindFile=0x94d5e8) returned 1 [0153.152] GetLastError () returned 0x12 [0153.152] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.152] GetLastError () returned 0x12 [0153.153] FindClose (in: hFindFile=0x94d168 | out: hFindFile=0x94d168) returned 1 [0153.157] GetLastError () returned 0x5 [0153.157] GetLastError () returned 0x5 [0153.157] GetLastError () returned 0x5 [0153.157] GetLastError () returned 0x12 [0153.157] FindClose (in: hFindFile=0x94d1a8 | out: hFindFile=0x94d1a8) returned 1 [0153.160] GetLastError () returned 0x12 [0153.160] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.161] GetLastError () returned 0x12 [0153.161] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.170] GetLastError () returned 0x12 [0153.170] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.170] GetLastError () returned 0x12 [0153.170] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.171] GetLastError () returned 0x12 [0153.171] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0153.171] GetLastError () returned 0x12 [0153.171] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.175] GetLastError () returned 0x12 [0153.175] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.176] GetLastError () returned 0x12 [0153.176] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.176] GetLastError () returned 0x12 [0153.176] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0153.176] GetLastError () returned 0x12 [0153.176] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.176] GetLastError () returned 0x12 [0153.176] FindClose (in: hFindFile=0x94d6a8 | out: hFindFile=0x94d6a8) returned 1 [0153.178] GetLastError () returned 0x12 [0153.178] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.178] GetLastError () returned 0x12 [0153.178] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.178] GetLastError () returned 0x12 [0153.178] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.180] GetLastError () returned 0x5 [0153.181] GetLastError () returned 0x12 [0153.181] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.181] GetLastError () returned 0x12 [0153.181] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0153.181] GetLastError () returned 0x12 [0153.181] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.272] GetLastError () returned 0x12 [0153.272] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0153.274] GetLastError () returned 0x12 [0153.274] FindClose (in: hFindFile=0x94d2e8 | out: hFindFile=0x94d2e8) returned 1 [0153.274] GetLastError () returned 0x12 [0153.274] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.278] GetLastError () returned 0x12 [0153.278] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.280] GetLastError () returned 0x12 [0153.280] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.280] GetLastError () returned 0x12 [0153.280] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.285] GetLastError () returned 0x12 [0153.285] FindClose (in: hFindFile=0x94d328 | out: hFindFile=0x94d328) returned 1 [0153.285] GetLastError () returned 0x12 [0153.285] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0153.285] GetLastError () returned 0x12 [0153.285] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.293] GetLastError () returned 0x12 [0153.294] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.298] GetLastError () returned 0x12 [0153.298] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.303] GetLastError () returned 0x12 [0153.303] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0153.308] GetLastError () returned 0x12 [0153.308] FindClose (in: hFindFile=0x94d3a8 | out: hFindFile=0x94d3a8) returned 1 [0153.488] GetLastError () returned 0x12 [0153.488] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.491] GetLastError () returned 0x12 [0153.491] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.492] GetLastError () returned 0x12 [0153.492] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.493] GetLastError () returned 0x12 [0153.493] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.494] GetLastError () returned 0x12 [0153.494] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.494] GetLastError () returned 0x12 [0153.494] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.495] GetLastError () returned 0x12 [0153.496] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.497] GetLastError () returned 0x12 [0153.497] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.498] GetLastError () returned 0x12 [0153.498] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0153.499] GetLastError () returned 0x12 [0153.499] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.500] GetLastError () returned 0x12 [0153.500] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.501] GetLastError () returned 0x12 [0153.501] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.501] GetLastError () returned 0x12 [0153.501] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.503] GetLastError () returned 0x12 [0153.503] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.504] GetLastError () returned 0x12 [0153.504] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.504] GetLastError () returned 0x12 [0153.504] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.506] GetLastError () returned 0x12 [0153.506] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.507] GetLastError () returned 0x12 [0153.507] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.507] GetLastError () returned 0x12 [0153.507] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.508] GetLastError () returned 0x12 [0153.508] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.510] GetLastError () returned 0x12 [0153.510] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.510] GetLastError () returned 0x12 [0153.510] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.511] GetLastError () returned 0x12 [0153.511] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.512] GetLastError () returned 0x12 [0153.513] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.513] GetLastError () returned 0x12 [0153.513] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.514] GetLastError () returned 0x12 [0153.514] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.515] GetLastError () returned 0x12 [0153.515] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.516] GetLastError () returned 0x12 [0153.516] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.516] GetLastError () returned 0x12 [0153.516] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.517] GetLastError () returned 0x12 [0153.517] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0153.518] GetLastError () returned 0x12 [0153.518] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.518] GetLastError () returned 0x12 [0153.518] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.519] GetLastError () returned 0x12 [0153.519] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.521] GetLastError () returned 0x12 [0153.521] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.521] GetLastError () returned 0x12 [0153.521] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.522] GetLastError () returned 0x12 [0153.522] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.523] GetLastError () returned 0x12 [0153.523] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.524] GetLastError () returned 0x12 [0153.524] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.524] GetLastError () returned 0x12 [0153.524] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.525] GetLastError () returned 0x12 [0153.525] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.585] GetLastError () returned 0x12 [0153.585] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.587] GetLastError () returned 0x12 [0153.587] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.587] GetLastError () returned 0x12 [0153.587] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.588] GetLastError () returned 0x12 [0153.588] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.593] GetLastError () returned 0x12 [0153.593] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.593] GetLastError () returned 0x12 [0153.593] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.601] GetLastError () returned 0x12 [0153.601] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.602] GetLastError () returned 0x12 [0153.602] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.603] GetLastError () returned 0x12 [0153.603] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.604] GetLastError () returned 0x12 [0153.604] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.604] GetLastError () returned 0x12 [0153.604] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.605] GetLastError () returned 0x12 [0153.605] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.606] GetLastError () returned 0x12 [0153.606] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.608] GetLastError () returned 0x12 [0153.608] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.608] GetLastError () returned 0x12 [0153.608] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.609] GetLastError () returned 0x12 [0153.609] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.610] GetLastError () returned 0x12 [0153.610] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.610] GetLastError () returned 0x12 [0153.610] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.611] GetLastError () returned 0x12 [0153.611] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.612] GetLastError () returned 0x12 [0153.612] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.613] GetLastError () returned 0x12 [0153.613] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.613] GetLastError () returned 0x12 [0153.613] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.614] GetLastError () returned 0x12 [0153.614] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.685] GetLastError () returned 0x12 [0153.685] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.685] GetLastError () returned 0x12 [0153.685] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.688] GetLastError () returned 0x12 [0153.688] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.688] GetLastError () returned 0x12 [0153.688] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0153.689] GetLastError () returned 0x12 [0153.689] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.690] GetLastError () returned 0x12 [0153.690] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.691] GetLastError () returned 0x12 [0153.691] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.692] GetLastError () returned 0x12 [0153.692] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.692] GetLastError () returned 0x12 [0153.692] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0153.694] GetLastError () returned 0x12 [0153.694] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.694] GetLastError () returned 0x12 [0153.694] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.695] GetLastError () returned 0x12 [0153.695] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.696] GetLastError () returned 0x12 [0153.696] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.697] GetLastError () returned 0x12 [0153.697] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.698] GetLastError () returned 0x12 [0153.698] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.698] GetLastError () returned 0x12 [0153.698] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.699] GetLastError () returned 0x12 [0153.699] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.700] GetLastError () returned 0x12 [0153.700] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0153.701] GetLastError () returned 0x12 [0153.701] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.825] GetLastError () returned 0x12 [0153.825] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.826] GetLastError () returned 0x12 [0153.826] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.828] GetLastError () returned 0x12 [0153.828] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.829] GetLastError () returned 0x12 [0153.829] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.829] GetLastError () returned 0x12 [0153.829] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.830] GetLastError () returned 0x12 [0153.830] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0153.830] GetLastError () returned 0x12 [0153.831] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0153.832] GetLastError () returned 0x12 [0153.832] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.832] GetLastError () returned 0x12 [0153.832] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.832] GetLastError () returned 0x12 [0153.832] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.843] GetLastError () returned 0x12 [0153.843] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.844] GetLastError () returned 0x12 [0153.844] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.846] GetLastError () returned 0x12 [0153.846] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.846] GetLastError () returned 0x12 [0153.846] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.847] GetLastError () returned 0x12 [0153.848] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.848] GetLastError () returned 0x12 [0153.848] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0153.850] GetLastError () returned 0x12 [0153.850] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.855] GetLastError () returned 0x12 [0153.855] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.856] GetLastError () returned 0x12 [0153.856] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.857] GetLastError () returned 0x12 [0153.857] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.857] GetLastError () returned 0x12 [0153.857] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.858] GetLastError () returned 0x12 [0153.858] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.859] GetLastError () returned 0x12 [0153.859] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.860] GetLastError () returned 0x12 [0153.860] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.860] GetLastError () returned 0x12 [0153.860] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.861] GetLastError () returned 0x12 [0153.861] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.862] GetLastError () returned 0x12 [0153.862] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0153.863] GetLastError () returned 0x12 [0153.863] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.863] GetLastError () returned 0x12 [0153.863] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0153.864] GetLastError () returned 0x12 [0153.864] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.865] GetLastError () returned 0x12 [0153.865] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.866] GetLastError () returned 0x12 [0153.866] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.867] GetLastError () returned 0x12 [0153.867] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.867] GetLastError () returned 0x12 [0153.867] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.868] GetLastError () returned 0x12 [0153.868] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.870] GetLastError () returned 0x12 [0153.870] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.870] GetLastError () returned 0x12 [0153.870] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0153.871] GetLastError () returned 0x12 [0153.871] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.872] GetLastError () returned 0x12 [0153.872] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.873] GetLastError () returned 0x12 [0153.873] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0153.874] GetLastError () returned 0x12 [0153.874] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.414] GetLastError () returned 0x12 [0154.414] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.415] GetLastError () returned 0x12 [0154.416] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.416] GetLastError () returned 0x12 [0154.416] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.417] GetLastError () returned 0x12 [0154.417] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.418] GetLastError () returned 0x12 [0154.418] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.419] GetLastError () returned 0x12 [0154.419] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.420] GetLastError () returned 0x12 [0154.420] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.420] GetLastError () returned 0x12 [0154.420] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.421] GetLastError () returned 0x12 [0154.421] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.442] GetLastError () returned 0x12 [0154.442] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.443] GetLastError () returned 0x12 [0154.443] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.444] GetLastError () returned 0x12 [0154.444] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.445] GetLastError () returned 0x12 [0154.445] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.445] GetLastError () returned 0x12 [0154.445] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.446] GetLastError () returned 0x12 [0154.446] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.447] GetLastError () returned 0x12 [0154.447] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.447] GetLastError () returned 0x12 [0154.447] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.457] GetLastError () returned 0x12 [0154.457] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.458] GetLastError () returned 0x12 [0154.458] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.459] GetLastError () returned 0x12 [0154.459] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.460] GetLastError () returned 0x12 [0154.460] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.460] GetLastError () returned 0x12 [0154.460] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.461] GetLastError () returned 0x12 [0154.462] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.462] GetLastError () returned 0x12 [0154.462] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.463] GetLastError () returned 0x12 [0154.463] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.464] GetLastError () returned 0x12 [0154.464] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.465] GetLastError () returned 0x12 [0154.465] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.465] GetLastError () returned 0x12 [0154.465] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.466] GetLastError () returned 0x12 [0154.467] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.467] GetLastError () returned 0x12 [0154.468] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.475] GetLastError () returned 0x12 [0154.475] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.476] GetLastError () returned 0x12 [0154.476] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.477] GetLastError () returned 0x12 [0154.477] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.478] GetLastError () returned 0x12 [0154.478] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.478] GetLastError () returned 0x12 [0154.479] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.481] GetLastError () returned 0x12 [0154.481] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.481] GetLastError () returned 0x12 [0154.481] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.483] GetLastError () returned 0x12 [0154.483] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.483] GetLastError () returned 0x12 [0154.483] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.484] GetLastError () returned 0x12 [0154.484] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.485] GetLastError () returned 0x12 [0154.485] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.609] GetLastError () returned 0x12 [0154.609] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.610] GetLastError () returned 0x12 [0154.610] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.611] GetLastError () returned 0x12 [0154.611] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.612] GetLastError () returned 0x12 [0154.612] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.612] GetLastError () returned 0x12 [0154.612] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.613] GetLastError () returned 0x12 [0154.613] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.613] GetLastError () returned 0x12 [0154.613] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.614] GetLastError () returned 0x12 [0154.614] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.616] GetLastError () returned 0x12 [0154.616] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.616] GetLastError () returned 0x12 [0154.616] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.617] GetLastError () returned 0x12 [0154.617] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.618] GetLastError () returned 0x12 [0154.618] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.618] GetLastError () returned 0x12 [0154.619] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.620] GetLastError () returned 0x12 [0154.620] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.621] GetLastError () returned 0x12 [0154.621] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.621] GetLastError () returned 0x12 [0154.621] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.623] GetLastError () returned 0x12 [0154.623] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.623] GetLastError () returned 0x12 [0154.623] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.623] GetLastError () returned 0x12 [0154.623] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.633] GetLastError () returned 0x12 [0154.633] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.634] GetLastError () returned 0x12 [0154.635] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.636] GetLastError () returned 0x12 [0154.636] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.637] GetLastError () returned 0x12 [0154.637] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.637] GetLastError () returned 0x12 [0154.637] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.638] GetLastError () returned 0x12 [0154.638] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.639] GetLastError () returned 0x12 [0154.639] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.640] GetLastError () returned 0x12 [0154.640] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.641] GetLastError () returned 0x12 [0154.641] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.642] GetLastError () returned 0x12 [0154.642] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.643] GetLastError () returned 0x12 [0154.643] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.644] GetLastError () returned 0x12 [0154.644] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.646] GetLastError () returned 0x12 [0154.646] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.647] GetLastError () returned 0x12 [0154.647] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.647] GetLastError () returned 0x12 [0154.647] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.648] GetLastError () returned 0x12 [0154.648] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.650] GetLastError () returned 0x12 [0154.650] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.650] GetLastError () returned 0x12 [0154.650] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.652] GetLastError () returned 0x12 [0154.652] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.653] GetLastError () returned 0x12 [0154.653] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.654] GetLastError () returned 0x12 [0154.654] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.655] GetLastError () returned 0x12 [0154.655] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.656] GetLastError () returned 0x12 [0154.656] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.657] GetLastError () returned 0x12 [0154.657] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0154.697] GetLastError () returned 0x12 [0154.697] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.702] GetLastError () returned 0x12 [0154.702] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.704] GetLastError () returned 0x12 [0154.704] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.705] GetLastError () returned 0x12 [0154.705] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.706] GetLastError () returned 0x12 [0154.707] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.708] GetLastError () returned 0x12 [0154.708] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.709] GetLastError () returned 0x12 [0154.709] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.710] GetLastError () returned 0x12 [0154.710] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.710] GetLastError () returned 0x12 [0154.710] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.711] GetLastError () returned 0x12 [0154.711] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.713] GetLastError () returned 0x12 [0154.713] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.713] GetLastError () returned 0x12 [0154.713] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.714] GetLastError () returned 0x12 [0154.714] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.714] GetLastError () returned 0x12 [0154.715] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.716] GetLastError () returned 0x12 [0154.717] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.717] GetLastError () returned 0x12 [0154.717] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.717] GetLastError () returned 0x12 [0154.717] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.718] GetLastError () returned 0x12 [0154.718] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.719] GetLastError () returned 0x12 [0154.719] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.720] GetLastError () returned 0x12 [0154.720] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.721] GetLastError () returned 0x12 [0154.721] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.722] GetLastError () returned 0x12 [0154.722] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.723] GetLastError () returned 0x12 [0154.723] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.723] GetLastError () returned 0x12 [0154.723] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.725] GetLastError () returned 0x12 [0154.725] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.725] GetLastError () returned 0x12 [0154.725] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.726] GetLastError () returned 0x12 [0154.726] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.727] GetLastError () returned 0x12 [0154.727] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.728] GetLastError () returned 0x12 [0154.728] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.728] GetLastError () returned 0x12 [0154.728] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.729] GetLastError () returned 0x12 [0154.729] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.729] GetLastError () returned 0x12 [0154.729] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.730] GetLastError () returned 0x12 [0154.730] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.730] GetLastError () returned 0x12 [0154.731] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.731] GetLastError () returned 0x12 [0154.732] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.732] GetLastError () returned 0x12 [0154.732] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.733] GetLastError () returned 0x12 [0154.733] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.733] GetLastError () returned 0x12 [0154.733] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.734] GetLastError () returned 0x12 [0154.734] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.735] GetLastError () returned 0x12 [0154.735] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.736] GetLastError () returned 0x12 [0154.736] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.736] GetLastError () returned 0x12 [0154.736] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.736] GetLastError () returned 0x12 [0154.736] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.738] GetLastError () returned 0x12 [0154.738] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.738] GetLastError () returned 0x12 [0154.738] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.738] GetLastError () returned 0x12 [0154.738] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.740] GetLastError () returned 0x12 [0154.740] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.740] GetLastError () returned 0x12 [0154.741] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.741] GetLastError () returned 0x12 [0154.741] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.745] GetLastError () returned 0x12 [0154.745] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.746] GetLastError () returned 0x12 [0154.746] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.790] GetLastError () returned 0x12 [0154.790] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.796] GetLastError () returned 0x12 [0154.796] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.797] GetLastError () returned 0x12 [0154.797] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.798] GetLastError () returned 0x12 [0154.798] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.798] GetLastError () returned 0x12 [0154.798] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.800] GetLastError () returned 0x12 [0154.801] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.805] GetLastError () returned 0x12 [0154.805] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.806] GetLastError () returned 0x12 [0154.806] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.806] GetLastError () returned 0x12 [0154.806] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.808] GetLastError () returned 0x12 [0154.808] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.809] GetLastError () returned 0x12 [0154.809] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.809] GetLastError () returned 0x12 [0154.809] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.810] GetLastError () returned 0x12 [0154.810] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.811] GetLastError () returned 0x12 [0154.811] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.812] GetLastError () returned 0x12 [0154.812] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.812] GetLastError () returned 0x12 [0154.812] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0154.813] GetLastError () returned 0x12 [0154.813] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.814] GetLastError () returned 0x12 [0154.814] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.815] GetLastError () returned 0x12 [0154.815] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.815] GetLastError () returned 0x12 [0154.815] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.817] GetLastError () returned 0x12 [0154.817] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.817] GetLastError () returned 0x12 [0154.817] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.819] GetLastError () returned 0x12 [0154.819] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.820] GetLastError () returned 0x12 [0154.820] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.821] GetLastError () returned 0x12 [0154.821] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.822] GetLastError () returned 0x12 [0154.822] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.823] GetLastError () returned 0x12 [0154.823] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.823] GetLastError () returned 0x12 [0154.823] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.824] GetLastError () returned 0x12 [0154.824] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.827] GetLastError () returned 0x12 [0154.827] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.828] GetLastError () returned 0x12 [0154.828] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.829] GetLastError () returned 0x12 [0154.829] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.830] GetLastError () returned 0x12 [0154.830] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.831] GetLastError () returned 0x12 [0154.831] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.832] GetLastError () returned 0x12 [0154.832] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.833] GetLastError () returned 0x12 [0154.833] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.834] GetLastError () returned 0x12 [0154.834] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.834] GetLastError () returned 0x12 [0154.835] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.836] GetLastError () returned 0x12 [0154.836] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.837] GetLastError () returned 0x12 [0154.837] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.838] GetLastError () returned 0x12 [0154.838] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.838] GetLastError () returned 0x12 [0154.838] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.840] GetLastError () returned 0x12 [0154.840] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.840] GetLastError () returned 0x12 [0154.840] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.841] GetLastError () returned 0x12 [0154.841] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.950] GetLastError () returned 0x12 [0154.950] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.950] GetLastError () returned 0x12 [0154.950] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.952] GetLastError () returned 0x12 [0154.952] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.953] GetLastError () returned 0x12 [0154.953] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0154.955] GetLastError () returned 0x12 [0154.955] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.956] GetLastError () returned 0x12 [0154.956] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.957] GetLastError () returned 0x12 [0154.957] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.957] GetLastError () returned 0x12 [0154.957] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.958] GetLastError () returned 0x12 [0154.958] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.960] GetLastError () returned 0x12 [0154.960] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.962] GetLastError () returned 0x12 [0154.962] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.962] GetLastError () returned 0x12 [0154.962] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.963] GetLastError () returned 0x12 [0154.963] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.963] GetLastError () returned 0x12 [0154.963] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.966] GetLastError () returned 0x12 [0154.966] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.968] GetLastError () returned 0x12 [0154.968] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.968] GetLastError () returned 0x12 [0154.968] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.968] GetLastError () returned 0x12 [0154.968] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.970] GetLastError () returned 0x12 [0154.970] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.971] GetLastError () returned 0x12 [0154.971] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.972] GetLastError () returned 0x12 [0154.972] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.972] GetLastError () returned 0x12 [0154.972] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.973] GetLastError () returned 0x12 [0154.973] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0154.973] GetLastError () returned 0x12 [0154.973] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.973] GetLastError () returned 0x12 [0154.973] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.974] GetLastError () returned 0x12 [0154.974] FindClose (in: hFindFile=0x94d7e8 | out: hFindFile=0x94d7e8) returned 1 [0154.975] GetLastError () returned 0x12 [0154.975] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.975] GetLastError () returned 0x12 [0154.975] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.976] GetLastError () returned 0x12 [0154.976] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.976] GetLastError () returned 0x12 [0154.976] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.976] GetLastError () returned 0x12 [0154.976] FindClose (in: hFindFile=0x94d728 | out: hFindFile=0x94d728) returned 1 [0154.977] GetLastError () returned 0x12 [0154.977] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.977] GetLastError () returned 0x12 [0154.977] FindClose (in: hFindFile=0x94d8a8 | out: hFindFile=0x94d8a8) returned 1 [0154.977] GetLastError () returned 0x12 [0154.977] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.978] GetLastError () returned 0x12 [0154.978] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.978] GetLastError () returned 0x12 [0154.978] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.979] GetLastError () returned 0x12 [0154.979] FindClose (in: hFindFile=0x94d768 | out: hFindFile=0x94d768) returned 1 [0154.979] GetLastError () returned 0x12 [0154.979] FindClose (in: hFindFile=0x94d668 | out: hFindFile=0x94d668) returned 1 [0154.979] GetLastError () returned 0x12 [0154.979] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.981] GetLastError () returned 0x12 [0154.981] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.981] GetLastError () returned 0x12 [0154.981] FindClose (in: hFindFile=0x94d4a8 | out: hFindFile=0x94d4a8) returned 1 [0154.981] GetLastError () returned 0x12 [0154.981] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0154.993] GetLastError () returned 0x12 [0154.993] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0154.996] GetLastError () returned 0x12 [0154.996] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.078] GetLastError () returned 0x12 [0155.078] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0155.078] GetLastError () returned 0x12 [0155.078] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0155.080] GetLastError () returned 0x12 [0155.080] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.081] GetLastError () returned 0x12 [0155.082] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.082] GetLastError () returned 0x12 [0155.082] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.149] GetLastError () returned 0x12 [0155.149] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0155.151] GetLastError () returned 0x12 [0155.151] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.152] GetLastError () returned 0x12 [0155.152] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.153] GetLastError () returned 0x12 [0155.153] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.154] GetLastError () returned 0x12 [0155.154] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.155] GetLastError () returned 0x12 [0155.155] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.156] GetLastError () returned 0x12 [0155.156] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.157] GetLastError () returned 0x12 [0155.157] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0155.158] GetLastError () returned 0x12 [0155.158] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0155.160] GetLastError () returned 0x12 [0155.160] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.160] GetLastError () returned 0x12 [0155.160] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0155.162] GetLastError () returned 0x12 [0155.162] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.163] GetLastError () returned 0x12 [0155.163] FindClose (in: hFindFile=0x94d868 | out: hFindFile=0x94d868) returned 1 [0155.164] GetLastError () returned 0x12 [0155.164] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.165] GetLastError () returned 0x12 [0155.165] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0155.165] GetLastError () returned 0x12 [0155.165] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0155.167] GetLastError () returned 0x12 [0155.167] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.168] GetLastError () returned 0x12 [0155.168] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0155.169] GetLastError () returned 0x12 [0155.169] FindClose (in: hFindFile=0x94d6e8 | out: hFindFile=0x94d6e8) returned 1 [0155.170] GetLastError () returned 0x12 [0155.170] FindClose (in: hFindFile=0x94d628 | out: hFindFile=0x94d628) returned 1 [0166.938] SetErrorMode (uMode=0x8000) returned 0x0 [0167.184] LoadLibraryW (lpLibFileName="libeay32.dll") returned 0x10000000 [0169.202] _malloc_crt () returned 0x1d1058 [0169.202] _encode_pointer () returned 0x3b58f97f [0169.202] _decode_pointer () returned 0x1d1058 [0169.203] _decode_pointer () returned 0x1d1058 [0169.203] _decode_pointer () returned 0x1d1058 [0169.203] _encode_pointer () returned 0x59d8b93b [0169.203] __dllonexit () returned 0x59d8b93b [0169.203] _encode_pointer () returned 0x3b58f97f [0169.203] _encode_pointer () returned 0x3b48f97f [0169.203] _decode_pointer () returned 0x1d1058 [0169.203] _decode_pointer () returned 0x1d1058 [0169.203] _decode_pointer () returned 0x1d105c [0169.203] _encode_pointer () returned 0x5a10b93b [0169.203] __dllonexit () returned 0x5a10b93b [0169.203] _encode_pointer () returned 0x3b58f97f [0169.203] _encode_pointer () returned 0x3bb8f97f [0169.204] getenv (_VarName="OPENSSL_ia32cap") returned 0x0 [0169.205] SetErrorMode (uMode=0x0) returned 0x8000 [0169.205] SetErrorMode (uMode=0x8000) returned 0x0 [0169.205] LoadLibraryW (lpLibFileName="ssleay32.dll") returned 0xb00000 [0169.354] _malloc_crt () returned 0x1d10e0 [0169.354] _encode_pointer () returned 0x39b8f97f [0169.354] _decode_pointer () returned 0x1d10e0 [0169.354] _decode_pointer () returned 0x1d10e0 [0169.354] _decode_pointer () returned 0x1d10e0 [0169.354] _encode_pointer () returned 0xede4fbc7 [0169.354] __dllonexit () returned 0xede4fbc7 [0169.354] _encode_pointer () returned 0x39b8f97f [0169.354] _encode_pointer () returned 0x39a8f97f [0169.355] _decode_pointer () returned 0x1d10e0 [0169.355] _decode_pointer () returned 0x1d10e0 [0169.355] _decode_pointer () returned 0x1d10e4 [0169.355] _encode_pointer () returned 0xee1cfbc7 [0169.355] __dllonexit () returned 0xee1cfbc7 [0169.355] _encode_pointer () returned 0x39b8f97f [0169.355] _encode_pointer () returned 0x3998f97f [0169.355] DisableThreadLibraryCalls (hLibModule=0xb00000) returned 1 [0169.356] SetErrorMode (uMode=0x0) returned 0x8000 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_cipher_list", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_cipher_list", cchWideChar=23, lpMultiByteStr=0x2508514, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_cipher_list", lpUsedDefaultChar=0x0) returned 23 [0169.356] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_cipher_list") returned 0xb24370 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_new", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_new", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_new", lpUsedDefaultChar=0x0) returned 11 [0169.356] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_new") returned 0xb262f0 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_free", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_free", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_free", lpUsedDefaultChar=0x0) returned 12 [0169.357] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_free") returned 0xb24ae0 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_fd", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_fd", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_set_fd", lpUsedDefaultChar=0x0) returned 10 [0169.357] GetProcAddress (hModule=0xb00000, lpProcName="SSL_set_fd") returned 0xb236f0 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_PrivateKey_file", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_PrivateKey_file", cchWideChar=27, lpMultiByteStr=0x250f60c, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_use_PrivateKey_file", lpUsedDefaultChar=0x0) returned 27 [0169.357] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_use_PrivateKey_file") returned 0xb2cfa0 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_PrivateKey", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0169.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_PrivateKey", cchWideChar=22, lpMultiByteStr=0x2508514, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_use_PrivateKey", lpUsedDefaultChar=0x0) returned 22 [0169.358] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_use_PrivateKey") returned 0xb2cf30 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate", cchWideChar=23, lpMultiByteStr=0x2508514, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_use_certificate", lpUsedDefaultChar=0x0) returned 23 [0169.358] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_use_certificate") returned 0xb2d5c0 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate_file", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate_file", cchWideChar=28, lpMultiByteStr=0x250f60c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_use_certificate_file", lpUsedDefaultChar=0x0) returned 28 [0169.358] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_use_certificate_file") returned 0xb2d630 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate_chain_file", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_use_certificate_chain_file", cchWideChar=34, lpMultiByteStr=0x2524fd4, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_use_certificate_chain_file", lpUsedDefaultChar=0x0) returned 34 [0169.358] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_use_certificate_chain_file") returned 0xb2d7e0 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_load_error_strings", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0169.358] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_load_error_strings", cchWideChar=22, lpMultiByteStr=0x2508514, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_load_error_strings", lpUsedDefaultChar=0x0) returned 22 [0169.359] GetProcAddress (hModule=0xb00000, lpProcName="SSL_load_error_strings") returned 0xb26f00 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_state_string_long", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_state_string_long", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_state_string_long", lpUsedDefaultChar=0x0) returned 21 [0169.359] GetProcAddress (hModule=0xb00000, lpProcName="SSL_state_string_long") returned 0xb2b340 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_alert_desc_string_long", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_alert_desc_string_long", cchWideChar=26, lpMultiByteStr=0x250f60c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_alert_desc_string_long", lpUsedDefaultChar=0x0) returned 26 [0169.359] GetProcAddress (hModule=0xb00000, lpProcName="SSL_alert_desc_string_long") returned 0xb2c690 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_alert_type_string_long", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0169.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_alert_type_string_long", cchWideChar=26, lpMultiByteStr=0x250f60c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_alert_type_string_long", lpUsedDefaultChar=0x0) returned 26 [0169.360] GetProcAddress (hModule=0xb00000, lpProcName="SSL_alert_type_string_long") returned 0xb2c460 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_peer_certificate", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_peer_certificate", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_get_peer_certificate", lpUsedDefaultChar=0x0) returned 24 [0169.360] GetProcAddress (hModule=0xb00000, lpProcName="SSL_get_peer_certificate") returned 0xb23a00 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_verify", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_verify", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_verify", lpUsedDefaultChar=0x0) returned 18 [0169.360] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_verify") returned 0xb24c80 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_verify_depth", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_verify_depth", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_verify_depth", lpUsedDefaultChar=0x0) returned 24 [0169.360] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_verify_depth") returned 0xb24ca0 [0169.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_get_verify_depth", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_get_verify_depth", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_get_verify_depth", lpUsedDefaultChar=0x0) returned 24 [0169.361] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_get_verify_depth") returned 0xb23970 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_passwd_cb", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_passwd_cb", cchWideChar=29, lpMultiByteStr=0x250f60c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_default_passwd_cb", lpUsedDefaultChar=0x0) returned 29 [0169.361] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_default_passwd_cb") returned 0xb24c40 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_passwd_cb_userdata", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_passwd_cb_userdata", cchWideChar=38, lpMultiByteStr=0x2524fd4, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_default_passwd_cb_userdata", lpUsedDefaultChar=0x0) returned 38 [0169.361] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_default_passwd_cb_userdata") returned 0xb24c50 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_check_private_key", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0169.361] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_check_private_key", cchWideChar=25, lpMultiByteStr=0x250f60c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_check_private_key", lpUsedDefaultChar=0x0) returned 25 [0169.362] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_check_private_key") returned 0xb23b50 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_new", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_new", cchWideChar=7, lpMultiByteStr=0x24f3a8c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_new", lpUsedDefaultChar=0x0) returned 7 [0169.362] GetProcAddress (hModule=0xb00000, lpProcName="SSL_new") returned 0xb26950 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_free", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_free", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_free", lpUsedDefaultChar=0x0) returned 8 [0169.362] GetProcAddress (hModule=0xb00000, lpProcName="SSL_free") returned 0xb26040 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_accept", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.362] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_accept", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_accept", lpUsedDefaultChar=0x0) returned 10 [0169.362] GetProcAddress (hModule=0xb00000, lpProcName="SSL_accept") returned 0xb26bf0 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_connect", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_connect", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_connect", lpUsedDefaultChar=0x0) returned 11 [0169.363] GetProcAddress (hModule=0xb00000, lpProcName="SSL_connect") returned 0xb26c20 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_read", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_read", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_read", lpUsedDefaultChar=0x0) returned 8 [0169.363] GetProcAddress (hModule=0xb00000, lpProcName="SSL_read") returned 0xb23ca0 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_peek", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_peek", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_peek", lpUsedDefaultChar=0x0) returned 8 [0169.363] GetProcAddress (hModule=0xb00000, lpProcName="SSL_peek") returned 0xb23cf0 [0169.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_pending", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_pending", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_pending", lpUsedDefaultChar=0x0) returned 11 [0169.364] GetProcAddress (hModule=0xb00000, lpProcName="SSL_pending") returned 0xb239f0 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_write", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_write", cchWideChar=9, lpMultiByteStr=0x24eb1ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_write", lpUsedDefaultChar=0x0) returned 9 [0169.364] GetProcAddress (hModule=0xb00000, lpProcName="SSL_write") returned 0xb23d40 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_ctrl", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_ctrl", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_ctrl", lpUsedDefaultChar=0x0) returned 8 [0169.364] GetProcAddress (hModule=0xb00000, lpProcName="SSL_ctrl") returned 0xb23e20 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_callback_ctrl", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0169.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_callback_ctrl", cchWideChar=17, lpMultiByteStr=0x2508514, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_callback_ctrl", lpUsedDefaultChar=0x0) returned 17 [0169.365] GetProcAddress (hModule=0xb00000, lpProcName="SSL_callback_ctrl") returned 0xb23fb0 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_ctrl", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_ctrl", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_ctrl", lpUsedDefaultChar=0x0) returned 12 [0169.365] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_ctrl") returned 0xb24000 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_callback_ctrl", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_callback_ctrl", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_callback_ctrl", lpUsedDefaultChar=0x0) returned 21 [0169.365] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_callback_ctrl") returned 0xb24250 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_error", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_error", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_get_error", lpUsedDefaultChar=0x0) returned 13 [0169.366] GetProcAddress (hModule=0xb00000, lpProcName="SSL_get_error") returned 0xb266d0 [0169.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_method", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_method", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv2_method", lpUsedDefaultChar=0x0) returned 12 [0169.366] GetProcAddress (hModule=0xb00000, lpProcName="SSLv2_method") returned 0xb01020 [0169.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_server_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.366] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_server_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv2_server_method", lpUsedDefaultChar=0x0) returned 19 [0169.367] GetProcAddress (hModule=0xb00000, lpProcName="SSLv2_server_method") returned 0xb02750 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_client_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv2_client_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv2_client_method", lpUsedDefaultChar=0x0) returned 19 [0169.367] GetProcAddress (hModule=0xb00000, lpProcName="SSLv2_client_method") returned 0xb03e00 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_method", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_method", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv3_method", lpUsedDefaultChar=0x0) returned 12 [0169.367] GetProcAddress (hModule=0xb00000, lpProcName="SSLv3_method") returned 0xb051b0 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_server_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_server_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv3_server_method", lpUsedDefaultChar=0x0) returned 19 [0169.367] GetProcAddress (hModule=0xb00000, lpProcName="SSLv3_server_method") returned 0xb09650 [0169.367] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_client_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv3_client_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv3_client_method", lpUsedDefaultChar=0x0) returned 19 [0169.368] GetProcAddress (hModule=0xb00000, lpProcName="SSLv3_client_method") returned 0xb0d960 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_method", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_method", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv23_method", lpUsedDefaultChar=0x0) returned 13 [0169.368] GetProcAddress (hModule=0xb00000, lpProcName="SSLv23_method") returned 0xb14620 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_server_method", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_server_method", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv23_server_method", lpUsedDefaultChar=0x0) returned 20 [0169.368] GetProcAddress (hModule=0xb00000, lpProcName="SSLv23_server_method") returned 0xb14f60 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_client_method", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.368] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLv23_client_method", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLv23_client_method", lpUsedDefaultChar=0x0) returned 20 [0169.369] GetProcAddress (hModule=0xb00000, lpProcName="SSLv23_client_method") returned 0xb15c20 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_method", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_method", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_method", lpUsedDefaultChar=0x0) returned 12 [0169.369] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_method") returned 0xb15fc0 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_server_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_server_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_server_method", lpUsedDefaultChar=0x0) returned 19 [0169.369] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_server_method") returned 0xb16030 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_client_method", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_client_method", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_client_method", lpUsedDefaultChar=0x0) returned 19 [0169.369] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_client_method") returned 0xb160a0 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_method", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.369] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_method", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_1_method", lpUsedDefaultChar=0x0) returned 14 [0169.370] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_1_method") returned 0xb15f70 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_server_method", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_server_method", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_1_server_method", lpUsedDefaultChar=0x0) returned 21 [0169.370] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_1_server_method") returned 0xb15fe0 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_client_method", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_1_client_method", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_1_client_method", lpUsedDefaultChar=0x0) returned 21 [0169.370] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_1_client_method") returned 0xb16050 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_method", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.370] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_method", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_2_method", lpUsedDefaultChar=0x0) returned 14 [0169.370] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_2_method") returned 0xb15f60 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_server_method", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_server_method", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_2_server_method", lpUsedDefaultChar=0x0) returned 21 [0169.371] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_2_server_method") returned 0xb15fd0 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_client_method", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="TLSv1_2_client_method", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TLSv1_2_client_method", lpUsedDefaultChar=0x0) returned 21 [0169.371] GetProcAddress (hModule=0xb00000, lpProcName="TLSv1_2_client_method") returned 0xb16040 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_method", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_method", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DTLSv1_method", lpUsedDefaultChar=0x0) returned 13 [0169.371] GetProcAddress (hModule=0xb00000, lpProcName="DTLSv1_method") returned 0xb1ab00 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_server_method", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.371] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_server_method", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DTLSv1_server_method", lpUsedDefaultChar=0x0) returned 20 [0169.372] GetProcAddress (hModule=0xb00000, lpProcName="DTLSv1_server_method") returned 0xb1ca40 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_client_method", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DTLSv1_client_method", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DTLSv1_client_method", lpUsedDefaultChar=0x0) returned 20 [0169.372] GetProcAddress (hModule=0xb00000, lpProcName="DTLSv1_client_method") returned 0xb1e3d0 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_shutdown", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_shutdown", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_shutdown", lpUsedDefaultChar=0x0) returned 12 [0169.372] GetProcAddress (hModule=0xb00000, lpProcName="SSL_shutdown") returned 0xb262a0 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_connect_state", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.372] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_connect_state", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_set_connect_state", lpUsedDefaultChar=0x0) returned 21 [0169.373] GetProcAddress (hModule=0xb00000, lpProcName="SSL_set_connect_state") returned 0xb268b0 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_accept_state", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_accept_state", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_set_accept_state", lpUsedDefaultChar=0x0) returned 20 [0169.373] GetProcAddress (hModule=0xb00000, lpProcName="SSL_set_accept_state") returned 0xb26850 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_shutdown", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_shutdown", cchWideChar=16, lpMultiByteStr=0x2508514, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_set_shutdown", lpUsedDefaultChar=0x0) returned 16 [0169.373] GetProcAddress (hModule=0xb00000, lpProcName="SSL_set_shutdown") returned 0xb28420 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_load_verify_locations", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_load_verify_locations", cchWideChar=29, lpMultiByteStr=0x250f60c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_load_verify_locations", lpUsedDefaultChar=0x0) returned 29 [0169.373] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_load_verify_locations") returned 0xb25a30 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_session", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0169.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_session", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_get_session", lpUsedDefaultChar=0x0) returned 15 [0169.374] GetProcAddress (hModule=0xb00000, lpProcName="SSL_get_session") returned 0xb23960 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_library_init", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_library_init", cchWideChar=16, lpMultiByteStr=0x2508514, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_library_init", lpUsedDefaultChar=0x0) returned 16 [0169.374] GetProcAddress (hModule=0xb00000, lpProcName="SSL_library_init") returned 0xb2f8d0 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_SESSION_get_id", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_SESSION_get_id", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_SESSION_get_id", lpUsedDefaultChar=0x0) returned 18 [0169.374] GetProcAddress (hModule=0xb00000, lpProcName="SSL_SESSION_get_id") returned 0xb27e20 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_copy_session_id", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_copy_session_id", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_copy_session_id", lpUsedDefaultChar=0x0) returned 19 [0169.375] GetProcAddress (hModule=0xb00000, lpProcName="SSL_copy_session_id") returned 0xb23a70 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLeay_version", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLeay_version", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLeay_version", lpUsedDefaultChar=0x0) returned 14 [0169.375] GetProcAddress (hModule=0x10000000, lpProcName="SSLeay_version") returned 0x10003870 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLeay", cchWideChar=6, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSLeay", cchWideChar=6, lpMultiByteStr=0x24f3a8c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSLeay", lpUsedDefaultChar=0x0) returned 6 [0169.375] GetProcAddress (hModule=0x10000000, lpProcName="SSLeay") returned 0x100038b0 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_X509_NAME", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_X509_NAME", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d2i_X509_NAME", lpUsedDefaultChar=0x0) returned 13 [0169.375] GetProcAddress (hModule=0x10000000, lpProcName="d2i_X509_NAME") returned 0x100746a0 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="i2d_X509_NAME", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="i2d_X509_NAME", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i2d_X509_NAME", lpUsedDefaultChar=0x0) returned 13 [0169.376] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509_NAME") returned 0x100746c0 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_oneline", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_oneline", cchWideChar=17, lpMultiByteStr=0x2508514, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_NAME_oneline", lpUsedDefaultChar=0x0) returned 17 [0169.376] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_oneline") returned 0x1008a860 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_cmp", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_cmp", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_NAME_cmp", lpUsedDefaultChar=0x0) returned 13 [0169.376] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_cmp") returned 0x1008a350 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_hash", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.376] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_NAME_hash", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_NAME_hash", lpUsedDefaultChar=0x0) returned 14 [0169.377] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_hash") returned 0x1008a420 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_set_issuer_name", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_set_issuer_name", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_set_issuer_name", lpUsedDefaultChar=0x0) returned 20 [0169.377] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_issuer_name") returned 0x1008d8d0 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_issuer_name", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_issuer_name", cchWideChar=20, lpMultiByteStr=0x2508514, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_get_issuer_name", lpUsedDefaultChar=0x0) returned 20 [0169.377] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_issuer_name") returned 0x1006a870 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_set_subject_name", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_set_subject_name", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_set_subject_name", lpUsedDefaultChar=0x0) returned 21 [0169.377] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_subject_name") returned 0x1008d8f0 [0169.377] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_subject_name", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_subject_name", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_get_subject_name", lpUsedDefaultChar=0x0) returned 21 [0169.378] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_subject_name") returned 0x1008a2c0 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_digest", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_digest", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_digest", lpUsedDefaultChar=0x0) returned 11 [0169.378] GetProcAddress (hModule=0x10000000, lpProcName="X509_digest") returned 0x10090940 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_LOOKUP_ctrl", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_LOOKUP_ctrl", cchWideChar=16, lpMultiByteStr=0x2508514, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_LOOKUP_ctrl", lpUsedDefaultChar=0x0) returned 16 [0169.378] GetProcAddress (hModule=0x10000000, lpProcName="X509_LOOKUP_ctrl") returned 0x1008f250 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_cert", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_cert", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_add_cert", lpUsedDefaultChar=0x0) returned 19 [0169.379] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_add_cert") returned 0x1008fa40 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_crl", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_crl", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_add_crl", lpUsedDefaultChar=0x0) returned 18 [0169.379] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_add_crl") returned 0x1008fb10 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_ex_data", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_ex_data", cchWideChar=26, lpMultiByteStr=0x250f60c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_CTX_get_ex_data", lpUsedDefaultChar=0x0) returned 26 [0169.379] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_CTX_get_ex_data") returned 0x1008bed0 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_error", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0169.379] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_error", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_CTX_get_error", lpUsedDefaultChar=0x0) returned 24 [0169.379] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_CTX_get_error") returned 0x1008bee0 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_set_error", cchWideChar=24, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_set_error", cchWideChar=24, lpMultiByteStr=0x250f60c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_CTX_set_error", lpUsedDefaultChar=0x0) returned 24 [0169.380] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_CTX_set_error") returned 0x1008bef0 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_error_depth", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_error_depth", cchWideChar=30, lpMultiByteStr=0x250f60c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_CTX_get_error_depth", lpUsedDefaultChar=0x0) returned 30 [0169.380] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_CTX_get_error_depth") returned 0x1008bf00 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_current_cert", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_CTX_get_current_cert", cchWideChar=31, lpMultiByteStr=0x250f60c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_CTX_get_current_cert", lpUsedDefaultChar=0x0) returned 31 [0169.380] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_CTX_get_current_cert") returned 0x1008bf10 [0169.380] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_lookup", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_add_lookup", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_add_lookup", lpUsedDefaultChar=0x0) returned 21 [0169.381] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_add_lookup") returned 0x1008f4f0 [0169.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_load_locations", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0169.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_load_locations", cchWideChar=25, lpMultiByteStr=0x250f60c, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_load_locations", lpUsedDefaultChar=0x0) returned 25 [0169.381] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_load_locations") returned 0x10089fd0 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="i2d_DSAPrivateKey", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="i2d_DSAPrivateKey", cchWideChar=17, lpMultiByteStr=0x2508514, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i2d_DSAPrivateKey", lpUsedDefaultChar=0x0) returned 17 [0169.382] GetProcAddress (hModule=0x10000000, lpProcName="i2d_DSAPrivateKey") returned 0x10041830 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_DSAPrivateKey", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_DSAPrivateKey", cchWideChar=17, lpMultiByteStr=0x2508514, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d2i_DSAPrivateKey", lpUsedDefaultChar=0x0) returned 17 [0169.382] GetProcAddress (hModule=0x10000000, lpProcName="d2i_DSAPrivateKey") returned 0x10041810 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PrivateKey", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.382] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PrivateKey", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d2i_PrivateKey", lpUsedDefaultChar=0x0) returned 14 [0169.382] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PrivateKey") returned 0x100762f0 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PrivateKey_bio", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PrivateKey_bio", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d2i_PrivateKey_bio", lpUsedDefaultChar=0x0) returned 18 [0169.383] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PrivateKey_bio") returned 0x10090c50 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_sign", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_sign", cchWideChar=9, lpMultiByteStr=0x24eb1ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_sign", lpUsedDefaultChar=0x0) returned 9 [0169.383] GetProcAddress (hModule=0x10000000, lpProcName="X509_sign") returned 0x10090210 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_REQ_sign", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_REQ_sign", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_REQ_sign", lpUsedDefaultChar=0x0) returned 13 [0169.383] GetProcAddress (hModule=0x10000000, lpProcName="X509_REQ_sign") returned 0x10090280 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_REQ_add_extensions", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0169.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_REQ_add_extensions", cchWideChar=23, lpMultiByteStr=0x2508514, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_REQ_add_extensions", lpUsedDefaultChar=0x0) returned 23 [0169.384] GetProcAddress (hModule=0x10000000, lpProcName="X509_REQ_add_extensions") returned 0x1008aeb0 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509V3_EXT_conf_nid", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509V3_EXT_conf_nid", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509V3_EXT_conf_nid", lpUsedDefaultChar=0x0) returned 19 [0169.384] GetProcAddress (hModule=0x10000000, lpProcName="X509V3_EXT_conf_nid") returned 0x100933b0 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_EXTENSION_create_by_NID", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_EXTENSION_create_by_NID", cchWideChar=28, lpMultiByteStr=0x250f60c, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_EXTENSION_create_by_NID", lpUsedDefaultChar=0x0) returned 28 [0169.384] GetProcAddress (hModule=0x10000000, lpProcName="X509_EXTENSION_create_by_NID") returned 0x1008e6a0 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509V3_set_ctx", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0169.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509V3_set_ctx", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509V3_set_ctx", lpUsedDefaultChar=0x0) returned 14 [0169.385] GetProcAddress (hModule=0x10000000, lpProcName="X509V3_set_ctx") returned 0x10092db0 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_EXTENSION_free", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_EXTENSION_free", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_EXTENSION_free", lpUsedDefaultChar=0x0) returned 19 [0169.385] GetProcAddress (hModule=0x10000000, lpProcName="X509_EXTENSION_free") returned 0x1007e240 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_add_ext", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_add_ext", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_add_ext", lpUsedDefaultChar=0x0) returned 12 [0169.385] GetProcAddress (hModule=0x10000000, lpProcName="X509_add_ext") returned 0x1008e8d0 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_print", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_print", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_print", lpUsedDefaultChar=0x0) returned 10 [0169.385] GetProcAddress (hModule=0x10000000, lpProcName="X509_print") returned 0x10077870 [0169.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_cleanup", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_cleanup", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_cleanup", lpUsedDefaultChar=0x0) returned 12 [0169.386] GetProcAddress (hModule=0x10000000, lpProcName="RAND_cleanup") returned 0x1005d800 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_bytes", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_bytes", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_bytes", lpUsedDefaultChar=0x0) returned 10 [0169.386] GetProcAddress (hModule=0x10000000, lpProcName="RAND_bytes") returned 0x1005d940 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_pseudo_bytes", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_pseudo_bytes", cchWideChar=17, lpMultiByteStr=0x2508514, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_pseudo_bytes", lpUsedDefaultChar=0x0) returned 17 [0169.386] GetProcAddress (hModule=0x10000000, lpProcName="RAND_pseudo_bytes") returned 0x1005d9a0 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_seed", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0169.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_seed", cchWideChar=9, lpMultiByteStr=0x24eb1ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_seed", lpUsedDefaultChar=0x0) returned 9 [0169.387] GetProcAddress (hModule=0x10000000, lpProcName="RAND_seed") returned 0x1005d880 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_add", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_add", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_add", lpUsedDefaultChar=0x0) returned 8 [0169.387] GetProcAddress (hModule=0x10000000, lpProcName="RAND_add") returned 0x1005d8d0 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_status", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_status", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_status", lpUsedDefaultChar=0x0) returned 11 [0169.387] GetProcAddress (hModule=0x10000000, lpProcName="RAND_status") returned 0x1005da00 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_screen", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_screen", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_screen", lpUsedDefaultChar=0x0) returned 11 [0169.387] GetProcAddress (hModule=0x10000000, lpProcName="RAND_screen") returned 0x1005e5a0 [0169.387] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_event", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_event", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_event", lpUsedDefaultChar=0x0) returned 10 [0169.388] GetProcAddress (hModule=0x10000000, lpProcName="RAND_event") returned 0x1005e4a0 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_odd_parity", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_odd_parity", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DES_set_odd_parity", lpUsedDefaultChar=0x0) returned 18 [0169.388] GetProcAddress (hModule=0x10000000, lpProcName="DES_set_odd_parity") returned 0x1000f580 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_key", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_key", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DES_set_key", lpUsedDefaultChar=0x0) returned 11 [0169.388] GetProcAddress (hModule=0x10000000, lpProcName="DES_set_key") returned 0x1000fc90 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_ecb_encrypt", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0169.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_ecb_encrypt", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DES_ecb_encrypt", lpUsedDefaultChar=0x0) returned 15 [0169.389] GetProcAddress (hModule=0x10000000, lpProcName="DES_ecb_encrypt") returned 0x1000fd50 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_odd_parity", cchWideChar=18, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_set_odd_parity", cchWideChar=18, lpMultiByteStr=0x2508514, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DES_set_odd_parity", lpUsedDefaultChar=0x0) returned 18 [0169.389] GetProcAddress (hModule=0x10000000, lpProcName="DES_set_odd_parity") returned 0x1000f580 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="_ossl_old_des_set_key", cchWideChar=21, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="_ossl_old_des_set_key", cchWideChar=21, lpMultiByteStr=0x2508514, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_ossl_old_des_set_key", lpUsedDefaultChar=0x0) returned 21 [0169.389] GetProcAddress (hModule=0x10000000, lpProcName="_ossl_old_des_set_key") returned 0x1000fcf0 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_ecb_encrypt", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0169.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="DES_ecb_encrypt", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DES_ecb_encrypt", lpUsedDefaultChar=0x0) returned 15 [0169.389] GetProcAddress (hModule=0x10000000, lpProcName="DES_ecb_encrypt") returned 0x1000fd50 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_ex_data", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_set_ex_data", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_set_ex_data", lpUsedDefaultChar=0x0) returned 15 [0169.390] GetProcAddress (hModule=0xb00000, lpProcName="SSL_set_ex_data") returned 0xb25ad0 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_ex_data", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_ex_data", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_get_ex_data", lpUsedDefaultChar=0x0) returned 15 [0169.390] GetProcAddress (hModule=0xb00000, lpProcName="SSL_get_ex_data") returned 0xb25af0 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_load_client_CA_file", cchWideChar=23, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_load_client_CA_file", cchWideChar=23, lpMultiByteStr=0x2508514, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_load_client_CA_file", lpUsedDefaultChar=0x0) returned 23 [0169.390] GetProcAddress (hModule=0xb00000, lpProcName="SSL_load_client_CA_file") returned 0xb27840 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_client_CA_list", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0169.390] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_client_CA_list", cchWideChar=26, lpMultiByteStr=0x250f60c, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_client_CA_list", lpUsedDefaultChar=0x0) returned 26 [0169.391] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_client_CA_list") returned 0xb276f0 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_verify_paths", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_default_verify_paths", cchWideChar=32, lpMultiByteStr=0x2524fd4, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_default_verify_paths", lpUsedDefaultChar=0x0) returned 32 [0169.391] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_default_verify_paths") returned 0xb25a20 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_session_id_context", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CTX_set_session_id_context", cchWideChar=30, lpMultiByteStr=0x250f60c, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CTX_set_session_id_context", lpUsedDefaultChar=0x0) returned 30 [0169.391] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CTX_set_session_id_context") returned 0xb23340 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_description", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0169.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_description", cchWideChar=22, lpMultiByteStr=0x2508514, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CIPHER_description", lpUsedDefaultChar=0x0) returned 22 [0169.391] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CIPHER_description") returned 0xb2abd0 [0169.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_current_cipher", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0169.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_get_current_cipher", cchWideChar=22, lpMultiByteStr=0x2508514, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_get_current_cipher", lpUsedDefaultChar=0x0) returned 22 [0169.392] GetProcAddress (hModule=0xb00000, lpProcName="SSL_get_current_cipher") returned 0xb256c0 [0169.392] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_name", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_name", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CIPHER_get_name", lpUsedDefaultChar=0x0) returned 19 [0169.393] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CIPHER_get_name") returned 0xb2b180 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_version", cchWideChar=22, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_version", cchWideChar=22, lpMultiByteStr=0x2508514, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CIPHER_get_version", lpUsedDefaultChar=0x0) returned 22 [0169.393] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CIPHER_get_version") returned 0xb2b150 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_bits", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="SSL_CIPHER_get_bits", cchWideChar=19, lpMultiByteStr=0x2508514, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SSL_CIPHER_get_bits", lpUsedDefaultChar=0x0) returned 19 [0169.393] GetProcAddress (hModule=0xb00000, lpProcName="SSL_CIPHER_get_bits") returned 0xb2b1a0 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CRYPTO_lock", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0169.393] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CRYPTO_lock", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CRYPTO_lock", lpUsedDefaultChar=0x0) returned 11 [0169.394] GetProcAddress (hModule=0x10000000, lpProcName="CRYPTO_lock") returned 0x10001d00 [0169.394] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="CRYPTO_num_locks", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0169.394] GetProcAddress (hModule=0x10000000, lpProcName="CRYPTO_num_locks") returned 0x10001580 [0169.394] GetProcAddress (hModule=0x10000000, lpProcName="CRYPTO_set_locking_callback") returned 0x10001760 [0169.394] GetProcAddress (hModule=0x10000000, lpProcName="ERR_put_error") returned 0x1005f860 [0169.395] GetProcAddress (hModule=0x10000000, lpProcName="ERR_get_error") returned 0x1005fb80 [0169.395] GetProcAddress (hModule=0x10000000, lpProcName="ERR_peek_error") returned 0x1005fda0 [0169.395] GetProcAddress (hModule=0x10000000, lpProcName="ERR_peek_last_error") returned 0x1005fee0 [0169.395] GetProcAddress (hModule=0x10000000, lpProcName="ERR_clear_error") returned 0x1005f950 [0169.395] GetProcAddress (hModule=0x10000000, lpProcName="ERR_error_string") returned 0x1005fb30 [0169.396] GetProcAddress (hModule=0x10000000, lpProcName="ERR_error_string_n") returned 0x1005f9d0 [0169.396] GetProcAddress (hModule=0x10000000, lpProcName="ERR_lib_error_string") returned 0x1005ef40 [0169.396] GetProcAddress (hModule=0x10000000, lpProcName="ERR_func_error_string") returned 0x1005efc0 [0169.396] GetProcAddress (hModule=0x10000000, lpProcName="ERR_reason_error_string") returned 0x1005f050 [0169.396] GetProcAddress (hModule=0x10000000, lpProcName="ERR_load_ERR_strings") returned 0x1005f740 [0169.397] GetProcAddress (hModule=0x10000000, lpProcName="ERR_load_CRYPTO_strings") returned 0x100043a0 [0169.450] GetProcAddress (hModule=0x10000000, lpProcName="ERR_free_strings") returned 0x1005edc0 [0169.451] GetProcAddress (hModule=0x10000000, lpProcName="ERR_remove_thread_state") returned 0x1005f100 [0169.451] GetProcAddress (hModule=0x10000000, lpProcName="CRYPTO_cleanup_all_ex_data") returned 0x10003cf0 [0169.451] GetProcAddress (hModule=0xb00000, lpProcName="SSL_COMP_get_compression_methods") returned 0xb2b210 [0169.451] GetProcAddress (hModule=0x10000000, lpProcName="sk_pop_free") returned 0x1005c130 [0169.451] GetProcAddress (hModule=0x10000000, lpProcName="RSA_free") returned 0x1003bee0 [0169.452] GetProcAddress (hModule=0x10000000, lpProcName="RSA_generate_key_ex") returned 0x1003bc90 [0169.452] GetProcAddress (hModule=0x10000000, lpProcName="RSA_generate_key") returned 0x1003e740 [0169.452] GetProcAddress (hModule=0x10000000, lpProcName="RSA_check_key") returned 0x1003d840 [0169.452] GetProcAddress (hModule=0x10000000, lpProcName="RSA_new") returned 0x1003c1c0 [0169.452] GetProcAddress (hModule=0x10000000, lpProcName="RSA_size") returned 0x10040650 [0169.453] GetProcAddress (hModule=0x10000000, lpProcName="RSA_private_decrypt") returned 0x10040690 [0169.453] GetProcAddress (hModule=0x10000000, lpProcName="RSA_public_encrypt") returned 0x10040670 [0169.453] GetProcAddress (hModule=0x10000000, lpProcName="DH_free") returned 0x100455d0 [0169.453] GetProcAddress (hModule=0x10000000, lpProcName="BN_new") returned 0x1002e830 [0169.453] GetProcAddress (hModule=0x10000000, lpProcName="BN_free") returned 0x1002e7d0 [0169.454] GetProcAddress (hModule=0x10000000, lpProcName="BN_hex2bn") returned 0x10030a10 [0169.474] GetProcAddress (hModule=0x10000000, lpProcName="BN_bn2dec") returned 0x10030840 [0169.475] GetProcAddress (hModule=0x10000000, lpProcName="BN_bn2hex") returned 0x10030770 [0169.475] GetProcAddress (hModule=0x10000000, lpProcName="BN_set_word") returned 0x1002eb30 [0169.475] GetProcAddress (hModule=0x10000000, lpProcName="BIO_new") returned 0x10054e90 [0169.475] GetProcAddress (hModule=0x10000000, lpProcName="BIO_free") returned 0x10054730 [0169.476] GetProcAddress (hModule=0x10000000, lpProcName="BIO_new_mem_buf") returned 0x100553e0 [0169.476] GetProcAddress (hModule=0x10000000, lpProcName="BIO_s_mem") returned 0x100553d0 [0169.476] GetProcAddress (hModule=0x10000000, lpProcName="BIO_s_file") returned 0x10055d00 [0169.476] GetProcAddress (hModule=0x10000000, lpProcName="BIO_set_ex_data") returned 0x10054e50 [0169.476] GetProcAddress (hModule=0x10000000, lpProcName="BIO_get_ex_data") returned 0x10054e60 [0169.477] GetProcAddress (hModule=0x10000000, lpProcName="BIO_ctrl") returned 0x10054b50 [0169.477] GetProcAddress (hModule=0x10000000, lpProcName="BIO_int_ctrl") returned 0x10054ef0 [0169.477] GetProcAddress (hModule=0x10000000, lpProcName="BIO_ptr_ctrl") returned 0x10054f20 [0169.477] GetProcAddress (hModule=0x10000000, lpProcName="BIO_new_file") returned 0x10056390 [0169.477] GetProcAddress (hModule=0x10000000, lpProcName="BIO_puts") returned 0x100549a0 [0169.478] GetProcAddress (hModule=0x10000000, lpProcName="BIO_read") returned 0x10054820 [0169.478] GetProcAddress (hModule=0x10000000, lpProcName="BIO_write") returned 0x100548e0 [0169.478] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509_bio") returned 0x100903e0 [0169.478] GetProcAddress (hModule=0x10000000, lpProcName="i2d_PrivateKey_bio") returned 0x10090c30 [0169.478] GetProcAddress (hModule=0x10000000, lpProcName="d2i_X509_bio") returned 0x100903c0 [0169.479] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PKCS12_bio") returned 0x100acbd0 [0169.479] GetProcAddress (hModule=0x10000000, lpProcName="PKCS12_parse") returned 0x100ac340 [0169.479] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509_REQ_bio") returned 0x10090560 [0169.479] GetProcAddress (hModule=0x10000000, lpProcName="i2d_PKCS7") returned 0x100a65a0 [0169.479] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PKCS7") returned 0x100a6580 [0169.480] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509") returned 0x100750b0 [0169.480] GetProcAddress (hModule=0x10000000, lpProcName="d2i_X509") returned 0x10075090 [0169.480] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509_REQ") returned 0x10074150 [0169.480] GetProcAddress (hModule=0x10000000, lpProcName="d2i_X509_REQ") returned 0x10074130 [0169.480] GetProcAddress (hModule=0x10000000, lpProcName="i2d_X509_CRL") returned 0x10075900 [0169.481] GetProcAddress (hModule=0x10000000, lpProcName="d2i_X509_CRL") returned 0x100758e0 [0169.481] GetProcAddress (hModule=0x10000000, lpProcName="i2d_RSAPrivateKey") returned 0x1003e6a0 [0169.481] GetProcAddress (hModule=0x10000000, lpProcName="d2i_RSAPrivateKey") returned 0x1003e680 [0169.481] GetProcAddress (hModule=0x10000000, lpProcName="i2d_RSAPublicKey") returned 0x1003e6e0 [0169.481] GetProcAddress (hModule=0x10000000, lpProcName="d2i_RSAPublicKey") returned 0x1003e6c0 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="i2d_PrivateKey") returned 0x10076550 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PrivateKey") returned 0x100762f0 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="i2d_DSAparams") returned 0x10041870 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="d2i_DSAparams") returned 0x10041850 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="i2d_DHparams") returned 0x10044e40 [0169.482] GetProcAddress (hModule=0x10000000, lpProcName="d2i_DHparams") returned 0x10044e20 [0169.483] GetProcAddress (hModule=0x10000000, lpProcName="i2d_NETSCAPE_CERT_SEQUENCE") returned 0x10076100 [0169.483] GetProcAddress (hModule=0x10000000, lpProcName="i2d_NETSCAPE_CERT_SEQUENCE") returned 0x10076100 [0169.483] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_default_cert_file") returned 0x10089f40 [0169.483] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_default_cert_file_env") returned 0x10089f60 [0169.483] GetProcAddress (hModule=0x10000000, lpProcName="X509_new") returned 0x100750d0 [0169.484] GetProcAddress (hModule=0x10000000, lpProcName="X509_free") returned 0x100750e0 [0169.484] GetProcAddress (hModule=0x10000000, lpProcName="X509_REQ_new") returned 0x10074170 [0169.484] GetProcAddress (hModule=0x10000000, lpProcName="X509_REQ_free") returned 0x10074180 [0169.484] GetProcAddress (hModule=0x10000000, lpProcName="X509_to_X509_REQ") returned 0x1008abc0 [0169.484] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_new") returned 0x100746e0 [0169.485] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_free") returned 0x100746f0 [0169.485] GetProcAddress (hModule=0x10000000, lpProcName="X509_NAME_add_entry_by_txt") returned 0x1008e2c0 [0169.485] GetProcAddress (hModule=0x10000000, lpProcName="X509_INFO_free") returned 0x10075f30 [0169.485] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_version") returned 0x1008d840 [0169.485] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_serialNumber") returned 0x1006a820 [0169.486] GetProcAddress (hModule=0x10000000, lpProcName="X509_gmtime_adj") returned 0x1008c5c0 [0169.486] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_notBefore") returned 0x1008d910 [0169.486] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_notAfter") returned 0x1008d970 [0169.486] GetProcAddress (hModule=0x10000000, lpProcName="X509_set_pubkey") returned 0x1008d9d0 [0169.486] GetProcAddress (hModule=0x10000000, lpProcName="X509_REQ_set_pubkey") returned 0x1008dbe0 [0169.487] GetProcAddress (hModule=0x10000000, lpProcName="X509_PUBKEY_get") returned 0x10073a60 [0169.487] GetProcAddress (hModule=0x10000000, lpProcName="X509_verify") returned 0x10090170 [0169.487] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_X509") returned 0x100874e0 [0169.487] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_X509_REQ") returned 0x10086790 [0169.487] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_X509_CRL") returned 0x100868b0 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_RSAPrivateKey") returned 0x10086af0 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_RSAPublicKey") returned 0x10086c30 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_DSAPrivateKey") returned 0x10086db0 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_PrivateKey") returned 0x10088100 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_PKCS7") returned 0x10086970 [0169.488] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_DHparams") returned 0x10087330 [0169.489] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_DSAparams") returned 0x10086fb0 [0169.489] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_NETSCAPE_CERT_SEQUENCE") returned 0x10086a30 [0169.489] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_X509") returned 0x10087540 [0169.489] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_X509_REQ") returned 0x100867f0 [0169.489] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_X509_CRL") returned 0x10086910 [0169.490] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_RSAPrivateKey") returned 0x10086bb0 [0169.490] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_RSAPublicKey") returned 0x10086c90 [0169.490] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_DSAPrivateKey") returned 0x10086e10 [0169.490] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_PrivateKey") returned 0x100883b0 [0169.563] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_PKCS7") returned 0x100869d0 [0169.564] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_DHparams") returned 0x10087390 [0169.564] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_DSAparams") returned 0x10087010 [0169.564] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_NETSCAPE_CERT_SEQUENCE") returned 0x10086a90 [0169.564] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_PKCS8PrivateKey") returned 0x10087d10 [0169.564] GetProcAddress (hModule=0x10000000, lpProcName="PEM_X509_INFO_read_bio") returned 0x10084410 [0169.565] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_X509_AUX") returned 0x100875a0 [0169.565] GetProcAddress (hModule=0x10000000, lpProcName="EVP_des_ede3_cbc") returned 0x10064b00 [0169.565] GetProcAddress (hModule=0x10000000, lpProcName="EVP_sha512") returned 0x10067a40 [0169.565] GetProcAddress (hModule=0x10000000, lpProcName="EVP_sha384") returned 0x10067a30 [0169.565] GetProcAddress (hModule=0x10000000, lpProcName="EVP_sha256") returned 0x100679d0 [0169.566] GetProcAddress (hModule=0x10000000, lpProcName="EVP_sha224") returned 0x100679c0 [0169.566] GetProcAddress (hModule=0x10000000, lpProcName="EVP_sha1") returned 0x10067960 [0169.592] malloc (_Size=0x60) returned 0x1d1168 [0169.593] malloc (_Size=0x40) returned 0x1d11d0 [0169.593] malloc (_Size=0x10) returned 0x1d1218 [0169.593] malloc (_Size=0xc) returned 0x1d1230 [0169.593] malloc (_Size=0x10) returned 0x1d1248 [0169.593] malloc (_Size=0xc) returned 0x1d1260 [0169.593] malloc (_Size=0x10) returned 0x1d1278 [0169.593] malloc (_Size=0xc) returned 0x1d1290 [0169.593] malloc (_Size=0x10) returned 0x1d12a8 [0169.593] malloc (_Size=0xc) returned 0x1d12c0 [0169.593] malloc (_Size=0x10) returned 0x1d12d8 [0169.594] malloc (_Size=0xc) returned 0x1d12f0 [0169.594] malloc (_Size=0x10) returned 0x1d1308 [0169.594] malloc (_Size=0xc) returned 0x1d1320 [0169.594] malloc (_Size=0x10) returned 0x1d1338 [0169.594] malloc (_Size=0xc) returned 0x1d04a0 [0170.239] malloc (_Size=0x10) returned 0x1d5768 [0170.239] malloc (_Size=0xc) returned 0x1d5750 [0170.239] malloc (_Size=0x10) returned 0x1d5780 [0170.239] malloc (_Size=0xc) returned 0x1d56c0 [0170.239] malloc (_Size=0x10) returned 0x1d5678 [0170.239] malloc (_Size=0xc) returned 0x1d5720 [0170.239] malloc (_Size=0x10) returned 0x1d5738 [0170.239] malloc (_Size=0xc) returned 0x1d5810 [0170.239] malloc (_Size=0x10) returned 0x1d5660 [0170.239] malloc (_Size=0xc) returned 0x1d5798 [0170.239] malloc (_Size=0x10) returned 0x1d57b0 [0170.239] malloc (_Size=0xc) returned 0x1d56a8 [0170.239] malloc (_Size=0x10) returned 0x1d57c8 [0170.239] malloc (_Size=0xc) returned 0x1d57e0 [0170.239] malloc (_Size=0x10) returned 0x1d57f8 [0170.239] malloc (_Size=0xc) returned 0x1d56d8 [0170.239] malloc (_Size=0x10) returned 0x1d5828 [0170.239] malloc (_Size=0xc) returned 0x1d5708 [0170.239] malloc (_Size=0x10) returned 0x1d5690 [0170.239] malloc (_Size=0xc) returned 0x1d56f0 [0170.240] malloc (_Size=0x10) returned 0x1d5ef8 [0170.240] malloc (_Size=0xc) returned 0x1d5d48 [0170.240] malloc (_Size=0x10) returned 0x1d5e08 [0170.240] malloc (_Size=0xc) returned 0x1d5f10 [0170.240] malloc (_Size=0x10) returned 0x1d5df0 [0170.240] malloc (_Size=0xc) returned 0x1d5e80 [0170.240] malloc (_Size=0x10) returned 0x1d5f28 [0170.240] malloc (_Size=0xc) returned 0x1d5c70 [0170.240] malloc (_Size=0x10) returned 0x1d5f58 [0170.241] malloc (_Size=0xc) returned 0x1d5ca0 [0170.241] malloc (_Size=0x10) returned 0x1d5e98 [0170.241] malloc (_Size=0xc) returned 0x1d5ee0 [0170.241] malloc (_Size=0x10) returned 0x1d5d90 [0170.241] malloc (_Size=0xc) returned 0x1d5f40 [0170.241] malloc (_Size=0x10) returned 0x1d5dd8 [0170.241] malloc (_Size=0xc) returned 0x1d5d00 [0170.241] malloc (_Size=0x10) returned 0x1d5c88 [0170.241] malloc (_Size=0xc) returned 0x1d5e20 [0170.241] malloc (_Size=0x10) returned 0x1d5da8 [0170.241] malloc (_Size=0xc) returned 0x1d5cd0 [0170.241] malloc (_Size=0x10) returned 0x1d5cb8 [0170.241] malloc (_Size=0xc) returned 0x1d5ce8 [0170.241] malloc (_Size=0x10) returned 0x1d5d18 [0170.241] malloc (_Size=0xc) returned 0x1d5d30 [0170.241] malloc (_Size=0x10) returned 0x1d5d60 [0170.242] malloc (_Size=0xc) returned 0x1d5d78 [0170.242] malloc (_Size=0x10) returned 0x1d5e38 [0170.242] realloc (_Block=0x1d11d0, _Size=0x80) returned 0x1d04b8 [0170.242] malloc (_Size=0xc) returned 0x1d5dc0 [0170.242] malloc (_Size=0x10) returned 0x1d5e50 [0170.242] malloc (_Size=0xc) returned 0x1d5e68 [0170.242] malloc (_Size=0x10) returned 0x1d5eb0 [0170.242] malloc (_Size=0xc) returned 0x1d5ec8 [0170.242] malloc (_Size=0x10) returned 0x1d5f88 [0170.242] malloc (_Size=0xc) returned 0x1d5f70 [0170.242] malloc (_Size=0x10) returned 0x1d5fa0 [0170.242] malloc (_Size=0xc) returned 0x1d5fd0 [0170.242] malloc (_Size=0x10) returned 0x1d6030 [0170.242] malloc (_Size=0xc) returned 0x1d5fb8 [0170.242] malloc (_Size=0x10) returned 0x1d5fe8 [0170.242] malloc (_Size=0xc) returned 0x1d6000 [0170.242] malloc (_Size=0x10) returned 0x1d6018 [0170.242] malloc (_Size=0xc) returned 0x1d63d8 [0170.242] malloc (_Size=0x10) returned 0x1d6378 [0170.242] malloc (_Size=0xc) returned 0x1d6408 [0170.242] malloc (_Size=0x10) returned 0x1d6420 [0170.243] malloc (_Size=0xc) returned 0x1d6390 [0170.243] malloc (_Size=0x10) returned 0x1d6438 [0170.243] malloc (_Size=0xc) returned 0x1d63a8 [0170.243] malloc (_Size=0x10) returned 0x1d63c0 [0170.243] malloc (_Size=0xc) returned 0x1d63f0 [0170.243] malloc (_Size=0x10) returned 0x1d6330 [0170.243] malloc (_Size=0xc) returned 0x1d60a8 [0170.243] malloc (_Size=0x10) returned 0x1d6288 [0170.243] malloc (_Size=0xc) returned 0x1d62a0 [0170.244] malloc (_Size=0x10) returned 0x1d62d0 [0170.244] malloc (_Size=0xc) returned 0x1d6108 [0170.244] malloc (_Size=0x10) returned 0x1d62b8 [0170.244] malloc (_Size=0xc) returned 0x1d6180 [0170.244] malloc (_Size=0x10) returned 0x1d6348 [0170.244] malloc (_Size=0xc) returned 0x1d6120 [0170.244] malloc (_Size=0x10) returned 0x1d6138 [0170.244] malloc (_Size=0xc) returned 0x1d6258 [0170.244] malloc (_Size=0x10) returned 0x1d6318 [0170.244] malloc (_Size=0xc) returned 0x1d62e8 [0170.244] malloc (_Size=0x10) returned 0x1d6228 [0170.244] malloc (_Size=0xc) returned 0x1d6360 [0170.244] malloc (_Size=0x10) returned 0x1d6078 [0170.244] malloc (_Size=0xc) returned 0x1d6090 [0170.244] malloc (_Size=0x10) returned 0x1d61e0 [0170.245] malloc (_Size=0xc) returned 0x1d6300 [0170.245] malloc (_Size=0x10) returned 0x1d60c0 [0170.245] malloc (_Size=0xc) returned 0x1d6210 [0170.245] malloc (_Size=0x10) returned 0x1d60d8 [0170.245] malloc (_Size=0xc) returned 0x1d60f0 [0170.245] malloc (_Size=0x10) returned 0x1d6150 [0170.245] malloc (_Size=0xc) returned 0x1d6168 [0170.245] malloc (_Size=0x10) returned 0x1d6198 [0170.245] malloc (_Size=0xc) returned 0x1d61f8 [0170.245] malloc (_Size=0x10) returned 0x1d61b0 [0170.245] malloc (_Size=0xc) returned 0x1d61c8 [0170.245] malloc (_Size=0x10) returned 0x1d6240 [0170.245] malloc (_Size=0xc) returned 0x1d6270 [0170.245] malloc (_Size=0x10) returned 0x1d64c8 [0170.245] malloc (_Size=0xc) returned 0x1d6588 [0170.245] malloc (_Size=0x10) returned 0x1d65e8 [0170.245] malloc (_Size=0xc) returned 0x1d6570 [0170.246] malloc (_Size=0x10) returned 0x1d64f8 [0170.246] malloc (_Size=0xc) returned 0x1d6618 [0170.246] malloc (_Size=0x10) returned 0x1d6690 [0170.246] malloc (_Size=0xc) returned 0x1d6630 [0170.246] malloc (_Size=0x10) returned 0x1d65d0 [0170.246] realloc (_Block=0x1d04b8, _Size=0x100) returned 0x1d1350 [0170.246] malloc (_Size=0xc) returned 0x1d65a0 [0170.246] malloc (_Size=0x10) returned 0x1d64e0 [0170.246] malloc (_Size=0xc) returned 0x1d65b8 [0170.246] malloc (_Size=0x10) returned 0x1d6528 [0170.246] malloc (_Size=0xc) returned 0x1d6648 [0170.246] malloc (_Size=0x10) returned 0x1d6480 [0170.246] malloc (_Size=0xc) returned 0x1d6660 [0170.246] malloc (_Size=0x10) returned 0x1d6510 [0170.246] malloc (_Size=0xc) returned 0x1d6768 [0170.246] malloc (_Size=0x10) returned 0x1d6558 [0170.246] malloc (_Size=0xc) returned 0x1d6498 [0170.246] malloc (_Size=0x10) returned 0x1d6720 [0170.246] malloc (_Size=0xc) returned 0x1d6600 [0170.247] malloc (_Size=0x10) returned 0x1d6738 [0170.247] malloc (_Size=0xc) returned 0x1d6678 [0170.247] malloc (_Size=0x10) returned 0x1d66a8 [0170.247] malloc (_Size=0xc) returned 0x1d6540 [0170.247] malloc (_Size=0x10) returned 0x1d66c0 [0170.247] malloc (_Size=0xc) returned 0x1d6750 [0170.247] malloc (_Size=0x10) returned 0x1d66d8 [0170.247] malloc (_Size=0xc) returned 0x1d66f0 [0170.247] malloc (_Size=0x10) returned 0x1d6708 [0170.247] malloc (_Size=0xc) returned 0x1d64b0 [0170.247] malloc (_Size=0x10) returned 0x1d67c8 [0170.247] malloc (_Size=0xc) returned 0x1d67f8 [0170.247] malloc (_Size=0x10) returned 0x1d6810 [0170.247] malloc (_Size=0xc) returned 0x1d6840 [0170.247] malloc (_Size=0x10) returned 0x1d6828 [0170.247] malloc (_Size=0xc) returned 0x1d67e0 [0170.247] malloc (_Size=0x10) returned 0x1d6798 [0170.247] malloc (_Size=0xc) returned 0x1d6780 [0170.247] malloc (_Size=0x10) returned 0x1d67b0 [0170.247] malloc (_Size=0xc) returned 0x1d68e8 [0170.248] malloc (_Size=0x10) returned 0x1d6a20 [0170.248] malloc (_Size=0xc) returned 0x1d6a08 [0170.248] malloc (_Size=0x10) returned 0x1d69a8 [0170.248] malloc (_Size=0xc) returned 0x1d6a80 [0170.248] malloc (_Size=0x10) returned 0x1d6888 [0170.248] malloc (_Size=0xc) returned 0x1d6b10 [0170.248] malloc (_Size=0x10) returned 0x1d6af8 [0170.248] malloc (_Size=0xc) returned 0x1d68d0 [0170.248] malloc (_Size=0x10) returned 0x1d6b28 [0170.248] malloc (_Size=0xc) returned 0x1d6b70 [0170.248] malloc (_Size=0x10) returned 0x1d69c0 [0170.248] malloc (_Size=0xc) returned 0x1d6b40 [0170.248] malloc (_Size=0x10) returned 0x1d69d8 [0170.248] malloc (_Size=0xc) returned 0x1d6a38 [0170.248] malloc (_Size=0x10) returned 0x1d69f0 [0170.248] malloc (_Size=0xc) returned 0x1d6918 [0170.248] malloc (_Size=0x10) returned 0x1d68b8 [0170.248] malloc (_Size=0xc) returned 0x1d6b58 [0170.248] malloc (_Size=0x10) returned 0x1d6a50 [0170.248] malloc (_Size=0xc) returned 0x1d68a0 [0170.248] malloc (_Size=0x10) returned 0x1d6a68 [0170.248] malloc (_Size=0xc) returned 0x1d6a98 [0170.248] malloc (_Size=0x10) returned 0x1d6900 [0170.248] malloc (_Size=0xc) returned 0x1d6930 [0170.249] malloc (_Size=0x10) returned 0x1d6948 [0170.249] malloc (_Size=0xc) returned 0x1d6960 [0170.249] malloc (_Size=0x10) returned 0x1d6978 [0170.249] malloc (_Size=0xc) returned 0x1d6990 [0170.249] malloc (_Size=0x10) returned 0x1d6ab0 [0170.249] malloc (_Size=0xc) returned 0x1d6ac8 [0170.249] malloc (_Size=0x10) returned 0x1d6ae0 [0170.249] malloc (_Size=0xc) returned 0x1d6b88 [0170.249] malloc (_Size=0x10) returned 0x1d6bd0 [0170.249] malloc (_Size=0xc) returned 0x1d6ba0 [0170.249] malloc (_Size=0x10) returned 0x1d6c00 [0170.249] malloc (_Size=0xc) returned 0x1d6bb8 [0170.249] malloc (_Size=0x10) returned 0x1d6be8 [0170.249] malloc (_Size=0xc) returned 0x1d6c48 [0170.249] malloc (_Size=0x10) returned 0x1d6c18 [0170.249] malloc (_Size=0xc) returned 0x1d6c30 [0170.249] malloc (_Size=0x10) returned 0x1d6d68 [0170.250] malloc (_Size=0xc) returned 0x1d6d98 [0170.250] malloc (_Size=0x10) returned 0x1d6d50 [0170.250] malloc (_Size=0xc) returned 0x1d6ed0 [0170.250] malloc (_Size=0x10) returned 0x1d6f48 [0170.250] malloc (_Size=0xc) returned 0x1d6db0 [0170.250] malloc (_Size=0x10) returned 0x1d6ea0 [0170.250] malloc (_Size=0xc) returned 0x1d6f78 [0170.250] malloc (_Size=0x10) returned 0x1d6e88 [0170.250] malloc (_Size=0xc) returned 0x1d6dc8 [0170.250] malloc (_Size=0x10) returned 0x1d6df8 [0170.250] malloc (_Size=0xc) returned 0x1d6e28 [0170.250] malloc (_Size=0x10) returned 0x1d6ee8 [0170.250] malloc (_Size=0xc) returned 0x1d6eb8 [0170.250] malloc (_Size=0x10) returned 0x1d6c90 [0170.250] malloc (_Size=0xc) returned 0x1d6d20 [0170.250] malloc (_Size=0x10) returned 0x1d6e10 [0170.251] malloc (_Size=0xc) returned 0x1d6d80 [0170.251] malloc (_Size=0x10) returned 0x1d6de0 [0170.251] malloc (_Size=0xc) returned 0x1d6e40 [0170.251] malloc (_Size=0x10) returned 0x1d6d08 [0170.251] malloc (_Size=0xc) returned 0x1d6cf0 [0170.251] malloc (_Size=0x10) returned 0x1d6f60 [0170.251] malloc (_Size=0xc) returned 0x1d6e58 [0170.251] malloc (_Size=0x10) returned 0x1d6e70 [0170.251] malloc (_Size=0xc) returned 0x1d6f00 [0170.251] malloc (_Size=0x10) returned 0x1d6f18 [0170.251] malloc (_Size=0xc) returned 0x1d6f30 [0170.251] malloc (_Size=0x10) returned 0x1d6ca8 [0170.251] malloc (_Size=0xc) returned 0x1d6cd8 [0170.251] malloc (_Size=0x10) returned 0x1d6cc0 [0170.251] malloc (_Size=0xc) returned 0x1d6d38 [0170.251] malloc (_Size=0x10) returned 0x1d7020 [0170.251] malloc (_Size=0xc) returned 0x1d6fa8 [0170.251] malloc (_Size=0x10) returned 0x1d7038 [0170.251] malloc (_Size=0xc) returned 0x1d7050 [0170.251] malloc (_Size=0x10) returned 0x1d7008 [0170.251] malloc (_Size=0xc) returned 0x1d6f90 [0170.251] malloc (_Size=0x10) returned 0x1d6fc0 [0170.251] malloc (_Size=0xc) returned 0x1d6fd8 [0170.251] malloc (_Size=0x10) returned 0x1d6ff0 [0170.252] malloc (_Size=0xc) returned 0x1d72c0 [0170.252] malloc (_Size=0x10) returned 0x1d7158 [0170.252] malloc (_Size=0xc) returned 0x1d7380 [0170.252] malloc (_Size=0x10) returned 0x1d7128 [0170.252] malloc (_Size=0xc) returned 0x1d7170 [0170.252] malloc (_Size=0x10) returned 0x1d7140 [0170.252] malloc (_Size=0xc) returned 0x1d7188 [0170.252] malloc (_Size=0x10) returned 0x1d71a0 [0170.252] realloc (_Block=0x1d1350, _Size=0x200) returned 0x1d7470 [0170.254] realloc (_Block=0x1d7470, _Size=0x400) returned 0x1d8e98 [0170.317] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x756e0000 [0170.317] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x772d0000 [0170.318] LoadLibraryA (lpLibFileName="NETAPI32.DLL") returned 0x73fe0000 [0170.318] GetProcAddress (hModule=0x73fe0000, lpProcName="NetStatisticsGet") returned 0x73fe2ad0 [0170.318] GetProcAddress (hModule=0x73fe0000, lpProcName="NetApiBufferFree") returned 0x73fd17c0 [0170.319] NetStatisticsGet (in: ServerName=0x0, Service=0x100d24e8, Level=0x0, Options=0x0, Buffer=0x19f86c | out: Buffer=0x19f86c) returned 0x0 [0170.868] malloc (_Size=0x64) returned 0x1d04b8 [0170.873] free (_Block=0x1d04b8) [0170.874] NetApiBufferFree (Buffer=0x9305e8) returned 0x0 [0170.874] NetStatisticsGet (in: ServerName=0x0, Service=0x100d24c0, Level=0x0, Options=0x0, Buffer=0x19f86c | out: Buffer=0x19f86c) returned 0x0 [0171.200] malloc (_Size=0x64) returned 0x1d04b8 [0171.202] free (_Block=0x1d04b8) [0171.202] NetApiBufferFree (Buffer=0x940c30) returned 0x0 [0171.202] FreeLibrary (hLibModule=0x73fe0000) returned 1 [0171.202] GetProcAddress (hModule=0x756e0000, lpProcName="CryptAcquireContextW") returned 0x756ffa40 [0171.202] GetProcAddress (hModule=0x756e0000, lpProcName="CryptGenRandom") returned 0x75700730 [0171.202] GetProcAddress (hModule=0x756e0000, lpProcName="CryptReleaseContext") returned 0x756ffbc0 [0171.203] CryptAcquireContextW (in: phProv=0x19f854, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19f854*=0x957720) returned 1 [0171.775] CryptGenRandom (in: hProv=0x957720, dwLen=0x40, pbBuffer=0x19fbdc | out: pbBuffer=0x19fbdc) returned 1 [0171.776] malloc (_Size=0x64) returned 0x1d04b8 [0171.777] free (_Block=0x1d04b8) [0171.777] CryptReleaseContext (hProv=0x957720, dwFlags=0x0) returned 1 [0171.777] CryptAcquireContextW (in: phProv=0x19f854, szContainer=0x0, szProvider="Intel Hardware Cryptographic Service Provider", dwProvType=0x16, dwFlags=0x0 | out: phProv=0x19f854*=0x957720) returned 0 [0171.777] FreeLibrary (hLibModule=0x756e0000) returned 1 [0171.777] GetVersion () returned 0x23f00206 [0171.777] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0171.777] GetProcAddress (hModule=0x400000, lpProcName="_OPENSSL_isservice") returned 0x0 [0171.778] GetDesktopWindow () returned 0x10010 [0171.778] GetProcessWindowStation () returned 0x130 [0171.778] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x0, nLength=0x0, lpnLengthNeeded=0x19f79c | out: pvInfo=0x0, lpnLengthNeeded=0x19f79c) returned 0 [0171.778] GetLastError () returned 0x7a [0171.778] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x19f770, nLength=0x10, lpnLengthNeeded=0x19f79c | out: pvInfo=0x19f770, lpnLengthNeeded=0x19f79c) returned 1 [0171.778] wcsstr (_Str="WinSta0", _SubStr="Service-0x") returned 0x0 [0171.778] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x750c0000 [0171.778] GetProcAddress (hModule=0x750c0000, lpProcName="GetForegroundWindow") returned 0x750f3420 [0171.779] GetProcAddress (hModule=0x750c0000, lpProcName="GetCursorInfo") returned 0x750f33b0 [0171.779] GetProcAddress (hModule=0x750c0000, lpProcName="GetQueueStatus") returned 0x750ef510 [0171.779] GetForegroundWindow () returned 0x202bc [0171.779] malloc (_Size=0x64) returned 0x1d04b8 [0171.779] free (_Block=0x1d04b8) [0171.779] GetVersion () returned 0x23f00206 [0171.779] GetVersion () returned 0x23f00206 [0171.779] GetCursorInfo (in: pci=0x19f834 | out: pci=0x19f834) returned 1 [0171.780] GetQueueStatus (flags=0xbf) returned 0x0 [0171.780] malloc (_Size=0x64) returned 0x1d04b8 [0171.780] free (_Block=0x1d04b8) [0171.780] FreeLibrary (hLibModule=0x750c0000) returned 1 [0171.780] GetProcAddress (hModule=0x772d0000, lpProcName="CreateToolhelp32Snapshot") returned 0x7731edc0 [0171.780] GetProcAddress (hModule=0x772d0000, lpProcName="CloseToolhelp32Snapshot") returned 0x0 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32First") returned 0x7731f2f0 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32Next") returned 0x7731f510 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32ListFirst") returned 0x7731f1a0 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32ListNext") returned 0x7731f250 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Process32First") returned 0x7731f810 [0171.781] GetProcAddress (hModule=0x772d0000, lpProcName="Process32Next") returned 0x7731f9a0 [0171.782] GetProcAddress (hModule=0x772d0000, lpProcName="Thread32First") returned 0x7731fa80 [0171.782] GetProcAddress (hModule=0x772d0000, lpProcName="Thread32Next") returned 0x7731fb30 [0171.782] GetProcAddress (hModule=0x772d0000, lpProcName="Module32First") returned 0x7731fc90 [0171.782] GetProcAddress (hModule=0x772d0000, lpProcName="Module32Next") returned 0x7731fe30 [0171.782] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x404 [0171.940] GetTickCount () returned 0x116babc [0171.940] Heap32ListFirst (hSnapshot=0x404, lphl=0x19f838) returned 1 [0171.941] malloc (_Size=0x64) returned 0x1d04b8 [0171.942] free (_Block=0x1d04b8) [0171.942] Heap32First (lphe=0x19f7f8, th32ProcessID=0x1134, th32HeapID=0x900000) returned 1 [0171.950] malloc (_Size=0x64) returned 0x1d04b8 [0171.950] free (_Block=0x1d04b8) [0171.950] Heap32Next (lphe=0x19f7f8) returned 1 [0171.959] GetTickCount () returned 0x116bacc [0171.959] malloc (_Size=0x64) returned 0x1d04b8 [0171.960] free (_Block=0x1d04b8) [0171.960] Heap32Next (lphe=0x19f7f8) returned 1 [0172.064] GetTickCount () returned 0x116bb39 [0172.064] malloc (_Size=0x64) returned 0x1d04b8 [0172.065] free (_Block=0x1d04b8) [0172.065] Heap32Next (lphe=0x19f7f8) returned 1 [0172.074] GetTickCount () returned 0x116bb39 [0172.074] malloc (_Size=0x64) returned 0x1d04b8 [0172.075] free (_Block=0x1d04b8) [0172.075] Heap32Next (lphe=0x19f7f8) returned 1 [0172.084] GetTickCount () returned 0x116bb49 [0172.084] malloc (_Size=0x64) returned 0x1d04b8 [0172.084] free (_Block=0x1d04b8) [0172.084] Heap32Next (lphe=0x19f7f8) returned 1 [0172.092] GetTickCount () returned 0x116bb58 [0172.092] malloc (_Size=0x64) returned 0x1d04b8 [0172.093] free (_Block=0x1d04b8) [0172.093] Heap32Next (lphe=0x19f7f8) returned 1 [0172.101] GetTickCount () returned 0x116bb58 [0172.101] malloc (_Size=0x64) returned 0x1d04b8 [0172.102] free (_Block=0x1d04b8) [0172.102] Heap32Next (lphe=0x19f7f8) returned 1 [0172.140] GetTickCount () returned 0x116bb78 [0172.140] malloc (_Size=0x64) returned 0x1d04b8 [0172.141] free (_Block=0x1d04b8) [0172.141] Heap32Next (lphe=0x19f7f8) returned 1 [0172.150] GetTickCount () returned 0x116bb87 [0172.150] malloc (_Size=0x64) returned 0x1d04b8 [0172.151] free (_Block=0x1d04b8) [0172.151] Heap32Next (lphe=0x19f7f8) returned 1 [0172.159] GetTickCount () returned 0x116bb97 [0172.159] malloc (_Size=0x64) returned 0x1d04b8 [0172.160] free (_Block=0x1d04b8) [0172.160] Heap32Next (lphe=0x19f7f8) returned 1 [0172.168] GetTickCount () returned 0x116bb97 [0172.168] malloc (_Size=0x64) returned 0x1d04b8 [0172.169] free (_Block=0x1d04b8) [0172.169] Heap32Next (lphe=0x19f7f8) returned 1 [0172.198] GetTickCount () returned 0x116bbb6 [0172.199] malloc (_Size=0x64) returned 0x1d04b8 [0172.199] free (_Block=0x1d04b8) [0172.199] Heap32Next (lphe=0x19f7f8) returned 1 [0172.208] GetTickCount () returned 0x116bbc6 [0172.208] malloc (_Size=0x64) returned 0x1d04b8 [0172.208] free (_Block=0x1d04b8) [0172.208] Heap32Next (lphe=0x19f7f8) returned 1 [0172.216] GetTickCount () returned 0x116bbc6 [0172.216] malloc (_Size=0x64) returned 0x1d04b8 [0172.217] free (_Block=0x1d04b8) [0172.217] Heap32Next (lphe=0x19f7f8) returned 1 [0172.225] GetTickCount () returned 0x116bbd5 [0172.225] malloc (_Size=0x64) returned 0x1d04b8 [0172.226] free (_Block=0x1d04b8) [0172.226] Heap32Next (lphe=0x19f7f8) returned 1 [0172.257] GetTickCount () returned 0x116bbf5 [0172.257] malloc (_Size=0x64) returned 0x1d04b8 [0172.257] free (_Block=0x1d04b8) [0172.258] Heap32Next (lphe=0x19f7f8) returned 1 [0172.266] GetTickCount () returned 0x116bc04 [0172.266] malloc (_Size=0x64) returned 0x1d04b8 [0172.266] free (_Block=0x1d04b8) [0172.266] Heap32Next (lphe=0x19f7f8) returned 1 [0172.274] GetTickCount () returned 0x116bc04 [0172.274] malloc (_Size=0x64) returned 0x1d04b8 [0172.274] free (_Block=0x1d04b8) [0172.274] Heap32Next (lphe=0x19f7f8) returned 1 [0172.282] GetTickCount () returned 0x116bc14 [0172.282] malloc (_Size=0x64) returned 0x1d04b8 [0172.282] free (_Block=0x1d04b8) [0172.282] Heap32Next (lphe=0x19f7f8) returned 1 [0172.290] GetTickCount () returned 0x116bc14 [0172.290] malloc (_Size=0x64) returned 0x1d04b8 [0172.290] free (_Block=0x1d04b8) [0172.290] Heap32Next (lphe=0x19f7f8) returned 1 [0172.311] GetTickCount () returned 0x116bc33 [0172.311] malloc (_Size=0x64) returned 0x1d04b8 [0172.312] free (_Block=0x1d04b8) [0172.312] Heap32Next (lphe=0x19f7f8) returned 1 [0172.319] GetTickCount () returned 0x116bc33 [0172.320] malloc (_Size=0x64) returned 0x1d04b8 [0172.320] free (_Block=0x1d04b8) [0172.320] Heap32Next (lphe=0x19f7f8) returned 1 [0172.329] GetTickCount () returned 0x116bc43 [0172.329] malloc (_Size=0x64) returned 0x1d04b8 [0172.329] free (_Block=0x1d04b8) [0172.329] Heap32Next (lphe=0x19f7f8) returned 1 [0172.337] GetTickCount () returned 0x116bc43 [0172.337] malloc (_Size=0x64) returned 0x1d04b8 [0172.337] free (_Block=0x1d04b8) [0172.337] Heap32Next (lphe=0x19f7f8) returned 1 [0172.358] GetTickCount () returned 0x116bc62 [0172.358] malloc (_Size=0x64) returned 0x1d04b8 [0172.358] free (_Block=0x1d04b8) [0172.358] Heap32Next (lphe=0x19f7f8) returned 1 [0172.366] GetTickCount () returned 0x116bc62 [0172.366] malloc (_Size=0x64) returned 0x1d04b8 [0172.366] free (_Block=0x1d04b8) [0172.366] Heap32Next (lphe=0x19f7f8) returned 1 [0172.376] GetTickCount () returned 0x116bc72 [0172.376] malloc (_Size=0x64) returned 0x1d04b8 [0172.376] free (_Block=0x1d04b8) [0172.376] Heap32Next (lphe=0x19f7f8) returned 1 [0172.385] GetTickCount () returned 0x116bc72 [0172.385] malloc (_Size=0x64) returned 0x1d04b8 [0172.385] free (_Block=0x1d04b8) [0172.385] Heap32Next (lphe=0x19f7f8) returned 1 [0172.408] GetTickCount () returned 0x116bc91 [0172.408] malloc (_Size=0x64) returned 0x1d04b8 [0172.408] free (_Block=0x1d04b8) [0172.408] Heap32Next (lphe=0x19f7f8) returned 1 [0172.418] GetTickCount () returned 0x116bc91 [0172.418] malloc (_Size=0x64) returned 0x1d04b8 [0172.418] free (_Block=0x1d04b8) [0172.418] Heap32Next (lphe=0x19f7f8) returned 1 [0172.428] GetTickCount () returned 0x116bca0 [0172.428] malloc (_Size=0x64) returned 0x1d04b8 [0172.428] free (_Block=0x1d04b8) [0172.428] Heap32Next (lphe=0x19f7f8) returned 1 [0172.439] GetTickCount () returned 0x116bcb0 [0172.439] malloc (_Size=0x64) returned 0x1d04b8 [0172.439] free (_Block=0x1d04b8) [0172.440] Heap32Next (lphe=0x19f7f8) returned 1 [0172.449] GetTickCount () returned 0x116bcb0 [0172.449] malloc (_Size=0x64) returned 0x1d04b8 [0172.449] free (_Block=0x1d04b8) [0172.449] Heap32Next (lphe=0x19f7f8) returned 1 [0172.460] GetTickCount () returned 0x116bcc0 [0172.460] malloc (_Size=0x64) returned 0x1d04b8 [0172.460] free (_Block=0x1d04b8) [0172.460] Heap32Next (lphe=0x19f7f8) returned 1 [0172.471] GetTickCount () returned 0x116bccf [0172.471] malloc (_Size=0x64) returned 0x1d04b8 [0172.471] free (_Block=0x1d04b8) [0172.471] Heap32Next (lphe=0x19f7f8) returned 1 [0172.503] GetTickCount () returned 0x116bcef [0172.503] malloc (_Size=0x64) returned 0x1d04b8 [0172.503] free (_Block=0x1d04b8) [0172.503] Heap32Next (lphe=0x19f7f8) returned 1 [0172.512] GetTickCount () returned 0x116bcef [0172.512] malloc (_Size=0x64) returned 0x1d04b8 [0172.512] free (_Block=0x1d04b8) [0172.512] Heap32Next (lphe=0x19f7f8) returned 1 [0172.522] GetTickCount () returned 0x116bcfe [0172.522] malloc (_Size=0x64) returned 0x1d04b8 [0172.522] free (_Block=0x1d04b8) [0172.522] Heap32Next (lphe=0x19f7f8) returned 1 [0172.532] GetTickCount () returned 0x116bd0e [0172.532] malloc (_Size=0x64) returned 0x1d04b8 [0172.532] free (_Block=0x1d04b8) [0172.532] Heap32Next (lphe=0x19f7f8) returned 1 [0172.541] GetTickCount () returned 0x116bd0e [0172.541] malloc (_Size=0x64) returned 0x1d04b8 [0172.541] free (_Block=0x1d04b8) [0172.541] Heap32Next (lphe=0x19f7f8) returned 1 [0172.557] GetTickCount () returned 0x116bd1d [0172.557] malloc (_Size=0x64) returned 0x1d04b8 [0172.557] free (_Block=0x1d04b8) [0172.557] Heap32Next (lphe=0x19f7f8) returned 1 [0172.567] GetTickCount () returned 0x116bd2d [0172.567] malloc (_Size=0x64) returned 0x1d04b8 [0172.567] free (_Block=0x1d04b8) [0172.567] Heap32Next (lphe=0x19f7f8) returned 1 [0172.578] GetTickCount () returned 0x116bd3d [0172.578] malloc (_Size=0x64) returned 0x1d04b8 [0172.578] free (_Block=0x1d04b8) [0172.578] Heap32Next (lphe=0x19f7f8) returned 1 [0172.587] GetTickCount () returned 0x116bd3d [0172.587] malloc (_Size=0x64) returned 0x1d04b8 [0172.587] free (_Block=0x1d04b8) [0172.587] Heap32Next (lphe=0x19f7f8) returned 1 [0172.608] GetTickCount () returned 0x116bd5c [0172.608] malloc (_Size=0x64) returned 0x1d04b8 [0172.608] free (_Block=0x1d04b8) [0172.608] Heap32Next (lphe=0x19f7f8) returned 1 [0172.618] GetTickCount () returned 0x116bd5c [0172.618] malloc (_Size=0x64) returned 0x1d04b8 [0172.618] free (_Block=0x1d04b8) [0172.618] Heap32Next (lphe=0x19f7f8) returned 1 [0172.629] GetTickCount () returned 0x116bd6c [0172.629] malloc (_Size=0x64) returned 0x1d04b8 [0172.629] free (_Block=0x1d04b8) [0172.629] Heap32Next (lphe=0x19f7f8) returned 1 [0172.644] GetTickCount () returned 0x116bd7b [0172.644] malloc (_Size=0x64) returned 0x1d04b8 [0172.644] free (_Block=0x1d04b8) [0172.644] Heap32Next (lphe=0x19f7f8) returned 1 [0172.654] GetTickCount () returned 0x116bd7b [0172.654] malloc (_Size=0x64) returned 0x1d04b8 [0172.654] free (_Block=0x1d04b8) [0172.654] Heap32Next (lphe=0x19f7f8) returned 1 [0172.663] GetTickCount () returned 0x116bd8b [0172.663] malloc (_Size=0x64) returned 0x1d04b8 [0172.663] free (_Block=0x1d04b8) [0172.664] Heap32Next (lphe=0x19f7f8) returned 1 [0172.673] GetTickCount () returned 0x116bd9a [0172.673] malloc (_Size=0x64) returned 0x1d04b8 [0172.674] free (_Block=0x1d04b8) [0172.674] Heap32Next (lphe=0x19f7f8) returned 1 [0172.683] GetTickCount () returned 0x116bd9a [0172.683] malloc (_Size=0x64) returned 0x1d04b8 [0172.684] free (_Block=0x1d04b8) [0172.684] Heap32Next (lphe=0x19f7f8) returned 1 [0172.712] GetTickCount () returned 0x116bdba [0172.712] malloc (_Size=0x64) returned 0x1d04b8 [0172.712] free (_Block=0x1d04b8) [0172.712] Heap32Next (lphe=0x19f7f8) returned 1 [0172.722] GetTickCount () returned 0x116bdc9 [0172.723] malloc (_Size=0x64) returned 0x1d04b8 [0172.723] free (_Block=0x1d04b8) [0172.723] Heap32Next (lphe=0x19f7f8) returned 1 [0172.763] GetTickCount () returned 0x116bdf8 [0172.763] malloc (_Size=0x64) returned 0x1d04b8 [0172.763] free (_Block=0x1d04b8) [0172.763] Heap32Next (lphe=0x19f7f8) returned 1 [0172.771] GetTickCount () returned 0x116bdf8 [0172.772] malloc (_Size=0x64) returned 0x1d04b8 [0172.772] free (_Block=0x1d04b8) [0172.772] Heap32Next (lphe=0x19f7f8) returned 1 [0172.788] GetTickCount () returned 0x116be08 [0172.788] malloc (_Size=0x64) returned 0x1d04b8 [0172.788] free (_Block=0x1d04b8) [0172.789] Heap32Next (lphe=0x19f7f8) returned 1 [0172.797] GetTickCount () returned 0x116be17 [0172.797] malloc (_Size=0x64) returned 0x1d04b8 [0172.797] free (_Block=0x1d04b8) [0172.797] Heap32Next (lphe=0x19f7f8) returned 1 [0172.805] GetTickCount () returned 0x116be17 [0172.805] malloc (_Size=0x64) returned 0x1d04b8 [0172.805] free (_Block=0x1d04b8) [0172.805] Heap32Next (lphe=0x19f7f8) returned 1 [0172.816] GetTickCount () returned 0x116be27 [0172.816] malloc (_Size=0x64) returned 0x1d04b8 [0172.816] free (_Block=0x1d04b8) [0172.817] Heap32Next (lphe=0x19f7f8) returned 1 [0172.824] GetTickCount () returned 0x116be27 [0172.824] malloc (_Size=0x64) returned 0x1d04b8 [0172.825] free (_Block=0x1d04b8) [0172.825] Heap32Next (lphe=0x19f7f8) returned 1 [0172.848] GetTickCount () returned 0x116be46 [0172.848] malloc (_Size=0x64) returned 0x1d04b8 [0172.848] free (_Block=0x1d04b8) [0172.848] Heap32Next (lphe=0x19f7f8) returned 1 [0172.856] GetTickCount () returned 0x116be46 [0172.856] malloc (_Size=0x64) returned 0x1d04b8 [0172.856] free (_Block=0x1d04b8) [0172.856] Heap32Next (lphe=0x19f7f8) returned 1 [0172.865] GetTickCount () returned 0x116be56 [0172.865] malloc (_Size=0x64) returned 0x1d04b8 [0172.865] free (_Block=0x1d04b8) [0172.865] Heap32Next (lphe=0x19f7f8) returned 1 [0173.064] GetTickCount () returned 0x116bf21 [0173.064] Heap32ListNext (hSnapshot=0x404, lphl=0x19f838) returned 1 [0173.065] GetTickCount () returned 0x116bf21 [0173.065] GetTickCount () returned 0x116bf21 [0173.065] Process32First (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.066] malloc (_Size=0x64) returned 0x1d04b8 [0173.066] free (_Block=0x1d04b8) [0173.066] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0173.067] GetTickCount () returned 0x116bf21 [0173.068] malloc (_Size=0x64) returned 0x1d04b8 [0173.068] free (_Block=0x1d04b8) [0173.068] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0173.069] GetTickCount () returned 0x116bf21 [0173.069] malloc (_Size=0x64) returned 0x1d04b8 [0173.069] free (_Block=0x1d04b8) [0173.069] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.074] GetTickCount () returned 0x116bf21 [0173.074] malloc (_Size=0x64) returned 0x1d04b8 [0173.074] free (_Block=0x1d04b8) [0173.074] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0173.075] GetTickCount () returned 0x116bf21 [0173.075] malloc (_Size=0x64) returned 0x1d04b8 [0173.075] free (_Block=0x1d04b8) [0173.075] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.076] GetTickCount () returned 0x116bf31 [0173.076] malloc (_Size=0x64) returned 0x1d04b8 [0173.077] free (_Block=0x1d04b8) [0173.077] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0173.078] GetTickCount () returned 0x116bf31 [0173.078] malloc (_Size=0x64) returned 0x1d04b8 [0173.078] free (_Block=0x1d04b8) [0173.078] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0173.079] GetTickCount () returned 0x116bf31 [0173.079] malloc (_Size=0x64) returned 0x1d04b8 [0173.079] free (_Block=0x1d04b8) [0173.079] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0173.080] GetTickCount () returned 0x116bf31 [0173.080] malloc (_Size=0x64) returned 0x1d04b8 [0173.080] free (_Block=0x1d04b8) [0173.080] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.081] GetTickCount () returned 0x116bf31 [0173.081] malloc (_Size=0x64) returned 0x1d04b8 [0173.081] free (_Block=0x1d04b8) [0173.081] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0173.082] GetTickCount () returned 0x116bf31 [0173.082] malloc (_Size=0x64) returned 0x1d04b8 [0173.083] free (_Block=0x1d04b8) [0173.083] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0173.084] GetTickCount () returned 0x116bf31 [0173.084] malloc (_Size=0x64) returned 0x1d04b8 [0173.084] free (_Block=0x1d04b8) [0173.084] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.085] GetTickCount () returned 0x116bf31 [0173.085] malloc (_Size=0x64) returned 0x1d04b8 [0173.085] free (_Block=0x1d04b8) [0173.085] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0173.086] GetTickCount () returned 0x116bf31 [0173.086] malloc (_Size=0x64) returned 0x1d04b8 [0173.086] free (_Block=0x1d04b8) [0173.086] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.087] GetTickCount () returned 0x116bf31 [0173.087] malloc (_Size=0x64) returned 0x1d04b8 [0173.087] free (_Block=0x1d04b8) [0173.087] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.088] GetTickCount () returned 0x116bf31 [0173.088] malloc (_Size=0x64) returned 0x1d04b8 [0173.088] free (_Block=0x1d04b8) [0173.089] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.090] GetTickCount () returned 0x116bf31 [0173.090] malloc (_Size=0x64) returned 0x1d04b8 [0173.090] free (_Block=0x1d04b8) [0173.090] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.091] GetTickCount () returned 0x116bf31 [0173.091] malloc (_Size=0x64) returned 0x1d04b8 [0173.091] free (_Block=0x1d04b8) [0173.091] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.092] GetTickCount () returned 0x116bf40 [0173.092] malloc (_Size=0x64) returned 0x1d04b8 [0173.092] free (_Block=0x1d04b8) [0173.092] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.093] GetTickCount () returned 0x116bf40 [0173.093] malloc (_Size=0x64) returned 0x1d04b8 [0173.093] free (_Block=0x1d04b8) [0173.093] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.094] GetTickCount () returned 0x116bf40 [0173.094] malloc (_Size=0x64) returned 0x1d04b8 [0173.094] free (_Block=0x1d04b8) [0173.095] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.096] GetTickCount () returned 0x116bf40 [0173.096] malloc (_Size=0x64) returned 0x1d04b8 [0173.096] free (_Block=0x1d04b8) [0173.096] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.097] GetTickCount () returned 0x116bf40 [0173.097] malloc (_Size=0x64) returned 0x1d04b8 [0173.097] free (_Block=0x1d04b8) [0173.098] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.099] GetTickCount () returned 0x116bf40 [0173.099] malloc (_Size=0x64) returned 0x1d04b8 [0173.099] free (_Block=0x1d04b8) [0173.099] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0173.100] GetTickCount () returned 0x116bf40 [0173.100] malloc (_Size=0x64) returned 0x1d04b8 [0173.100] free (_Block=0x1d04b8) [0173.100] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.101] GetTickCount () returned 0x116bf40 [0173.101] malloc (_Size=0x64) returned 0x1d04b8 [0173.101] free (_Block=0x1d04b8) [0173.101] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0173.103] GetTickCount () returned 0x116bf40 [0173.103] malloc (_Size=0x64) returned 0x1d04b8 [0173.103] free (_Block=0x1d04b8) [0173.103] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0173.104] GetTickCount () returned 0x116bf40 [0173.104] malloc (_Size=0x64) returned 0x1d04b8 [0173.104] free (_Block=0x1d04b8) [0173.104] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.105] GetTickCount () returned 0x116bf40 [0173.105] malloc (_Size=0x64) returned 0x1d04b8 [0173.105] free (_Block=0x1d04b8) [0173.105] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0173.106] GetTickCount () returned 0x116bf40 [0173.106] malloc (_Size=0x64) returned 0x1d04b8 [0173.106] free (_Block=0x1d04b8) [0173.106] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.119] GetTickCount () returned 0x116bf50 [0173.119] malloc (_Size=0x64) returned 0x1d04b8 [0173.120] free (_Block=0x1d04b8) [0173.120] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0173.121] GetTickCount () returned 0x116bf50 [0173.121] malloc (_Size=0x64) returned 0x1d04b8 [0173.121] free (_Block=0x1d04b8) [0173.121] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0173.122] GetTickCount () returned 0x116bf50 [0173.122] malloc (_Size=0x64) returned 0x1d04b8 [0173.122] free (_Block=0x1d04b8) [0173.123] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0173.125] GetTickCount () returned 0x116bf60 [0173.125] malloc (_Size=0x64) returned 0x1d04b8 [0173.125] free (_Block=0x1d04b8) [0173.125] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0173.126] GetTickCount () returned 0x116bf60 [0173.126] malloc (_Size=0x64) returned 0x1d04b8 [0173.126] free (_Block=0x1d04b8) [0173.126] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0173.128] GetTickCount () returned 0x116bf60 [0173.128] malloc (_Size=0x64) returned 0x1d04b8 [0173.128] free (_Block=0x1d04b8) [0173.128] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0173.129] GetTickCount () returned 0x116bf60 [0173.130] malloc (_Size=0x64) returned 0x1d04b8 [0173.130] free (_Block=0x1d04b8) [0173.130] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0173.131] GetTickCount () returned 0x116bf60 [0173.131] malloc (_Size=0x64) returned 0x1d04b8 [0173.131] free (_Block=0x1d04b8) [0173.131] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1 [0173.133] GetTickCount () returned 0x116bf60 [0173.133] malloc (_Size=0x64) returned 0x1d04b8 [0173.133] free (_Block=0x1d04b8) [0173.133] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="uncle.exe")) returned 1 [0173.135] GetTickCount () returned 0x116bf60 [0173.135] malloc (_Size=0x64) returned 0x1d04b8 [0173.135] free (_Block=0x1d04b8) [0173.135] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="excitement.exe")) returned 1 [0173.137] GetTickCount () returned 0x116bf60 [0173.137] malloc (_Size=0x64) returned 0x1d04b8 [0173.137] free (_Block=0x1d04b8) [0173.138] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x550, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="holder.exe")) returned 1 [0173.156] GetTickCount () returned 0x116bf7f [0173.157] malloc (_Size=0x64) returned 0x1d04b8 [0173.157] free (_Block=0x1d04b8) [0173.157] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="passenger smoke author.exe")) returned 1 [0173.160] GetTickCount () returned 0x116bf7f [0173.160] malloc (_Size=0x64) returned 0x1d04b8 [0173.160] free (_Block=0x1d04b8) [0173.160] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="softball.exe")) returned 1 [0173.162] GetTickCount () returned 0x116bf7f [0173.162] malloc (_Size=0x64) returned 0x1d04b8 [0173.162] free (_Block=0x1d04b8) [0173.162] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="huge std.exe")) returned 1 [0173.163] GetTickCount () returned 0x116bf7f [0173.163] malloc (_Size=0x64) returned 0x1d04b8 [0173.164] free (_Block=0x1d04b8) [0173.164] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lone terrace.exe")) returned 1 [0173.165] GetTickCount () returned 0x116bf7f [0173.165] malloc (_Size=0x64) returned 0x1d04b8 [0173.165] free (_Block=0x1d04b8) [0173.165] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="poly-actually-kent.exe")) returned 1 [0173.167] GetTickCount () returned 0x116bf7f [0173.167] malloc (_Size=0x64) returned 0x1d04b8 [0173.167] free (_Block=0x1d04b8) [0173.167] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xab4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="inn project.exe")) returned 1 [0173.182] GetTickCount () returned 0x116bf8e [0173.182] malloc (_Size=0x64) returned 0x1d04b8 [0173.182] free (_Block=0x1d04b8) [0173.182] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="voluntaryfluidheating.exe")) returned 1 [0173.183] GetTickCount () returned 0x116bf8e [0173.183] malloc (_Size=0x64) returned 0x1d04b8 [0173.184] free (_Block=0x1d04b8) [0173.184] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="hamburg.exe")) returned 1 [0173.188] GetTickCount () returned 0x116bf9e [0173.188] malloc (_Size=0x64) returned 0x1d04b8 [0173.188] free (_Block=0x1d04b8) [0173.188] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="modules-recommend.exe")) returned 1 [0173.190] GetTickCount () returned 0x116bf9e [0173.190] malloc (_Size=0x64) returned 0x1d04b8 [0173.190] free (_Block=0x1d04b8) [0173.190] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="tamil.exe")) returned 1 [0173.193] GetTickCount () returned 0x116bf9e [0173.193] malloc (_Size=0x64) returned 0x1d04b8 [0173.193] free (_Block=0x1d04b8) [0173.193] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accounting-tunnel.exe")) returned 1 [0173.195] GetTickCount () returned 0x116bf9e [0173.195] malloc (_Size=0x64) returned 0x1d04b8 [0173.195] free (_Block=0x1d04b8) [0173.195] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="builder.exe")) returned 1 [0173.197] GetTickCount () returned 0x116bf9e [0173.197] malloc (_Size=0x64) returned 0x1d04b8 [0173.197] free (_Block=0x1d04b8) [0173.197] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="george.exe")) returned 1 [0173.199] GetTickCount () returned 0x116bf9e [0173.199] malloc (_Size=0x64) returned 0x1d04b8 [0173.199] free (_Block=0x1d04b8) [0173.199] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xde0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0173.200] GetTickCount () returned 0x116bf9e [0173.200] malloc (_Size=0x64) returned 0x1d04b8 [0173.200] free (_Block=0x1d04b8) [0173.201] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0173.202] GetTickCount () returned 0x116bfae [0173.202] malloc (_Size=0x64) returned 0x1d04b8 [0173.202] free (_Block=0x1d04b8) [0173.202] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0173.204] GetTickCount () returned 0x116bfae [0173.204] malloc (_Size=0x64) returned 0x1d04b8 [0173.204] free (_Block=0x1d04b8) [0173.204] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0173.205] GetTickCount () returned 0x116bfae [0173.206] malloc (_Size=0x64) returned 0x1d04b8 [0173.206] free (_Block=0x1d04b8) [0173.206] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0173.207] GetTickCount () returned 0x116bfae [0173.207] malloc (_Size=0x64) returned 0x1d04b8 [0173.207] free (_Block=0x1d04b8) [0173.207] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0173.209] GetTickCount () returned 0x116bfae [0173.209] malloc (_Size=0x64) returned 0x1d04b8 [0173.209] free (_Block=0x1d04b8) [0173.209] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0173.210] GetTickCount () returned 0x116bfae [0173.210] malloc (_Size=0x64) returned 0x1d04b8 [0173.210] free (_Block=0x1d04b8) [0173.210] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0173.212] GetTickCount () returned 0x116bfae [0173.212] malloc (_Size=0x64) returned 0x1d04b8 [0173.212] free (_Block=0x1d04b8) [0173.212] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0173.213] GetTickCount () returned 0x116bfae [0173.213] malloc (_Size=0x64) returned 0x1d04b8 [0173.213] free (_Block=0x1d04b8) [0173.213] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0173.214] GetTickCount () returned 0x116bfae [0173.214] malloc (_Size=0x64) returned 0x1d04b8 [0173.214] free (_Block=0x1d04b8) [0173.214] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0173.216] GetTickCount () returned 0x116bfae [0173.216] malloc (_Size=0x64) returned 0x1d04b8 [0173.216] free (_Block=0x1d04b8) [0173.216] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0173.233] GetTickCount () returned 0x116bfcd [0173.233] malloc (_Size=0x64) returned 0x1d04b8 [0173.233] free (_Block=0x1d04b8) [0173.233] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0173.235] GetTickCount () returned 0x116bfcd [0173.235] malloc (_Size=0x64) returned 0x1d04b8 [0173.236] free (_Block=0x1d04b8) [0173.236] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0173.237] GetTickCount () returned 0x116bfcd [0173.238] malloc (_Size=0x64) returned 0x1d04b8 [0173.238] free (_Block=0x1d04b8) [0173.238] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0173.239] GetTickCount () returned 0x116bfcd [0173.239] malloc (_Size=0x64) returned 0x1d04b8 [0173.239] free (_Block=0x1d04b8) [0173.239] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0173.241] GetTickCount () returned 0x116bfcd [0173.241] malloc (_Size=0x64) returned 0x1d04b8 [0173.241] free (_Block=0x1d04b8) [0173.241] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0173.243] GetTickCount () returned 0x116bfcd [0173.243] malloc (_Size=0x64) returned 0x1d04b8 [0173.243] free (_Block=0x1d04b8) [0173.243] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0173.245] GetTickCount () returned 0x116bfcd [0173.245] malloc (_Size=0x64) returned 0x1d04b8 [0173.245] free (_Block=0x1d04b8) [0173.245] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0173.247] GetTickCount () returned 0x116bfcd [0173.247] malloc (_Size=0x64) returned 0x1d04b8 [0173.247] free (_Block=0x1d04b8) [0173.247] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0173.249] GetTickCount () returned 0x116bfdd [0173.249] malloc (_Size=0x64) returned 0x1d04b8 [0173.249] free (_Block=0x1d04b8) [0173.249] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xee8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0173.250] GetTickCount () returned 0x116bfdd [0173.251] malloc (_Size=0x64) returned 0x1d04b8 [0173.251] free (_Block=0x1d04b8) [0173.251] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0173.252] GetTickCount () returned 0x116bfdd [0173.252] malloc (_Size=0x64) returned 0x1d04b8 [0173.252] free (_Block=0x1d04b8) [0173.252] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0173.254] GetTickCount () returned 0x116bfdd [0173.254] malloc (_Size=0x64) returned 0x1d04b8 [0173.254] free (_Block=0x1d04b8) [0173.254] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0173.256] GetTickCount () returned 0x116bfdd [0173.256] malloc (_Size=0x64) returned 0x1d04b8 [0173.257] free (_Block=0x1d04b8) [0173.257] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0173.258] GetTickCount () returned 0x116bfdd [0173.258] malloc (_Size=0x64) returned 0x1d04b8 [0173.258] free (_Block=0x1d04b8) [0173.258] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0173.260] GetTickCount () returned 0x116bfdd [0173.260] malloc (_Size=0x64) returned 0x1d04b8 [0173.260] free (_Block=0x1d04b8) [0173.260] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0173.262] GetTickCount () returned 0x116bfdd [0173.262] malloc (_Size=0x64) returned 0x1d04b8 [0173.262] free (_Block=0x1d04b8) [0173.262] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0173.263] GetTickCount () returned 0x116bfdd [0173.264] malloc (_Size=0x64) returned 0x1d04b8 [0173.264] free (_Block=0x1d04b8) [0173.264] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0173.266] GetTickCount () returned 0x116bfec [0173.266] malloc (_Size=0x64) returned 0x1d04b8 [0173.266] free (_Block=0x1d04b8) [0173.266] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0173.267] GetTickCount () returned 0x116bfec [0173.267] malloc (_Size=0x64) returned 0x1d04b8 [0173.267] free (_Block=0x1d04b8) [0173.267] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xff8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0173.269] GetTickCount () returned 0x116bfec [0173.269] malloc (_Size=0x64) returned 0x1d04b8 [0173.269] free (_Block=0x1d04b8) [0173.269] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x764, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0173.271] GetTickCount () returned 0x116bfec [0173.271] malloc (_Size=0x64) returned 0x1d04b8 [0173.271] free (_Block=0x1d04b8) [0173.271] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0173.272] GetTickCount () returned 0x116bfec [0173.272] malloc (_Size=0x64) returned 0x1d04b8 [0173.272] free (_Block=0x1d04b8) [0173.272] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0173.274] GetTickCount () returned 0x116bfec [0173.274] malloc (_Size=0x64) returned 0x1d04b8 [0173.274] free (_Block=0x1d04b8) [0173.274] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0173.292] GetTickCount () returned 0x116bffc [0173.292] malloc (_Size=0x64) returned 0x1d04b8 [0173.292] free (_Block=0x1d04b8) [0173.292] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0173.294] GetTickCount () returned 0x116bffc [0173.294] malloc (_Size=0x64) returned 0x1d04b8 [0173.294] free (_Block=0x1d04b8) [0173.294] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0173.299] GetTickCount () returned 0x116c00b [0173.299] malloc (_Size=0x64) returned 0x1d04b8 [0173.299] free (_Block=0x1d04b8) [0173.299] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0173.301] GetTickCount () returned 0x116c00b [0173.301] malloc (_Size=0x64) returned 0x1d04b8 [0173.301] free (_Block=0x1d04b8) [0173.301] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0173.302] GetTickCount () returned 0x116c00b [0173.302] malloc (_Size=0x64) returned 0x1d04b8 [0173.302] free (_Block=0x1d04b8) [0173.302] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0173.304] GetTickCount () returned 0x116c00b [0173.304] malloc (_Size=0x64) returned 0x1d04b8 [0173.304] free (_Block=0x1d04b8) [0173.304] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0173.306] GetTickCount () returned 0x116c00b [0173.306] malloc (_Size=0x64) returned 0x1d04b8 [0173.306] free (_Block=0x1d04b8) [0173.306] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0173.309] GetTickCount () returned 0x116c00b [0173.309] malloc (_Size=0x64) returned 0x1d04b8 [0173.309] free (_Block=0x1d04b8) [0173.309] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0173.312] GetTickCount () returned 0x116c01b [0173.312] malloc (_Size=0x64) returned 0x1d04b8 [0173.312] free (_Block=0x1d04b8) [0173.312] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0173.314] GetTickCount () returned 0x116c01b [0173.314] malloc (_Size=0x64) returned 0x1d04b8 [0173.314] free (_Block=0x1d04b8) [0173.314] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="soldiers_operation.exe")) returned 1 [0173.315] GetTickCount () returned 0x116c01b [0173.315] malloc (_Size=0x64) returned 0x1d04b8 [0173.315] free (_Block=0x1d04b8) [0173.315] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="andrea summit.exe")) returned 1 [0173.317] GetTickCount () returned 0x116c01b [0173.317] malloc (_Size=0x64) returned 0x1d04b8 [0173.317] free (_Block=0x1d04b8) [0173.317] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1008, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="memo playing intl.exe")) returned 1 [0173.318] GetTickCount () returned 0x116c01b [0173.319] malloc (_Size=0x64) returned 0x1d04b8 [0173.319] free (_Block=0x1d04b8) [0173.319] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bonds_chorus.exe")) returned 1 [0173.320] GetTickCount () returned 0x116c01b [0173.320] malloc (_Size=0x64) returned 0x1d04b8 [0173.320] free (_Block=0x1d04b8) [0173.320] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.322] GetTickCount () returned 0x116c01b [0173.322] malloc (_Size=0x64) returned 0x1d04b8 [0173.322] free (_Block=0x1d04b8) [0173.322] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.324] GetTickCount () returned 0x116c01b [0173.324] malloc (_Size=0x64) returned 0x1d04b8 [0173.324] free (_Block=0x1d04b8) [0173.324] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0173.325] GetTickCount () returned 0x116c01b [0173.325] malloc (_Size=0x64) returned 0x1d04b8 [0173.325] free (_Block=0x1d04b8) [0173.326] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0173.327] GetTickCount () returned 0x116c02b [0173.327] malloc (_Size=0x64) returned 0x1d04b8 [0173.327] free (_Block=0x1d04b8) [0173.327] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0173.328] GetTickCount () returned 0x116c02b [0173.328] malloc (_Size=0x64) returned 0x1d04b8 [0173.328] free (_Block=0x1d04b8) [0173.328] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x120c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0173.330] GetTickCount () returned 0x116c02b [0173.330] malloc (_Size=0x64) returned 0x1d04b8 [0173.330] free (_Block=0x1d04b8) [0173.330] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x11fc, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0173.331] GetTickCount () returned 0x116c02b [0173.331] malloc (_Size=0x64) returned 0x1d04b8 [0173.331] free (_Block=0x1d04b8) [0173.331] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="????? ????????? ?? 365 ????.exe")) returned 1 [0173.333] GetTickCount () returned 0x116c02b [0173.333] malloc (_Size=0x64) returned 0x1d04b8 [0173.333] free (_Block=0x1d04b8) [0173.333] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1090, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0173.334] GetTickCount () returned 0x116c02b [0173.334] malloc (_Size=0x64) returned 0x1d04b8 [0173.334] free (_Block=0x1d04b8) [0173.334] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0173.335] GetTickCount () returned 0x116c02b [0173.335] malloc (_Size=0x64) returned 0x1d04b8 [0173.335] free (_Block=0x1d04b8) [0173.335] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0173.336] GetTickCount () returned 0x116c02b [0173.336] malloc (_Size=0x64) returned 0x1d04b8 [0173.336] free (_Block=0x1d04b8) [0173.336] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1134, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0173.391] GetTickCount () returned 0x116c069 [0173.391] malloc (_Size=0x64) returned 0x1d04b8 [0173.391] free (_Block=0x1d04b8) [0173.391] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xa10, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0173.393] GetTickCount () returned 0x116c069 [0173.393] malloc (_Size=0x64) returned 0x1d04b8 [0173.393] free (_Block=0x1d04b8) [0173.393] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0xa10, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0173.394] GetTickCount () returned 0x116c069 [0173.394] malloc (_Size=0x64) returned 0x1d04b8 [0173.394] free (_Block=0x1d04b8) [0173.394] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0173.396] GetTickCount () returned 0x116c069 [0173.396] malloc (_Size=0x64) returned 0x1d04b8 [0173.396] free (_Block=0x1d04b8) [0173.396] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xa8c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0173.398] GetTickCount () returned 0x116c069 [0173.398] malloc (_Size=0x64) returned 0x1d04b8 [0173.398] free (_Block=0x1d04b8) [0173.398] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0173.399] GetTickCount () returned 0x116c069 [0173.399] malloc (_Size=0x64) returned 0x1d04b8 [0173.399] free (_Block=0x1d04b8) [0173.399] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.401] GetTickCount () returned 0x116c069 [0173.401] malloc (_Size=0x64) returned 0x1d04b8 [0173.401] free (_Block=0x1d04b8) [0173.401] Process32Next (in: hSnapshot=0x404, lppe=0x19fab4 | out: lppe=0x19fab4*(dwSize=0x128, cntUsage=0x80, th32ProcessID=0x1e, th32DefaultHeapID=0x10000010, th32ModuleID=0x1d0284, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=1900544, dwFlags=0xe, szExeFile="Wmp")) returned 0 [0173.401] GetTickCount () returned 0x116c069 [0173.401] Thread32First (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.402] malloc (_Size=0x64) returned 0x1d04b8 [0173.403] free (_Block=0x1d04b8) [0173.403] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.404] GetTickCount () returned 0x116c069 [0173.404] malloc (_Size=0x64) returned 0x1d04b8 [0173.404] free (_Block=0x1d04b8) [0173.404] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.406] GetTickCount () returned 0x116c079 [0173.406] malloc (_Size=0x64) returned 0x1d04b8 [0173.406] free (_Block=0x1d04b8) [0173.406] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.408] GetTickCount () returned 0x116c079 [0173.408] malloc (_Size=0x64) returned 0x1d04b8 [0173.408] free (_Block=0x1d04b8) [0173.408] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.409] GetTickCount () returned 0x116c079 [0173.409] malloc (_Size=0x64) returned 0x1d04b8 [0173.409] free (_Block=0x1d04b8) [0173.409] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.411] GetTickCount () returned 0x116c079 [0173.411] malloc (_Size=0x64) returned 0x1d04b8 [0173.411] free (_Block=0x1d04b8) [0173.411] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.412] GetTickCount () returned 0x116c079 [0173.412] malloc (_Size=0x64) returned 0x1d04b8 [0173.412] free (_Block=0x1d04b8) [0173.412] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.414] GetTickCount () returned 0x116c079 [0173.414] malloc (_Size=0x64) returned 0x1d04b8 [0173.414] free (_Block=0x1d04b8) [0173.414] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.415] GetTickCount () returned 0x116c079 [0173.415] malloc (_Size=0x64) returned 0x1d04b8 [0173.416] free (_Block=0x1d04b8) [0173.416] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.417] GetTickCount () returned 0x116c079 [0173.417] malloc (_Size=0x64) returned 0x1d04b8 [0173.417] free (_Block=0x1d04b8) [0173.417] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.418] GetTickCount () returned 0x116c079 [0173.418] malloc (_Size=0x64) returned 0x1d04b8 [0173.418] free (_Block=0x1d04b8) [0173.418] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.420] GetTickCount () returned 0x116c088 [0173.420] malloc (_Size=0x64) returned 0x1d04b8 [0173.420] free (_Block=0x1d04b8) [0173.420] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.421] GetTickCount () returned 0x116c088 [0173.421] malloc (_Size=0x64) returned 0x1d04b8 [0173.422] free (_Block=0x1d04b8) [0173.422] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.423] GetTickCount () returned 0x116c088 [0173.423] malloc (_Size=0x64) returned 0x1d04b8 [0173.423] free (_Block=0x1d04b8) [0173.423] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.424] GetTickCount () returned 0x116c088 [0173.424] malloc (_Size=0x64) returned 0x1d04b8 [0173.424] free (_Block=0x1d04b8) [0173.424] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.425] GetTickCount () returned 0x116c088 [0173.425] malloc (_Size=0x64) returned 0x1d04b8 [0173.425] free (_Block=0x1d04b8) [0173.426] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.427] GetTickCount () returned 0x116c088 [0173.427] malloc (_Size=0x64) returned 0x1d04b8 [0173.427] free (_Block=0x1d04b8) [0173.427] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.428] GetTickCount () returned 0x116c088 [0173.428] malloc (_Size=0x64) returned 0x1d04b8 [0173.428] free (_Block=0x1d04b8) [0173.428] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.430] GetTickCount () returned 0x116c088 [0173.430] malloc (_Size=0x64) returned 0x1d04b8 [0173.430] free (_Block=0x1d04b8) [0173.430] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.432] GetTickCount () returned 0x116c088 [0173.432] malloc (_Size=0x64) returned 0x1d04b8 [0173.432] free (_Block=0x1d04b8) [0173.432] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.439] GetTickCount () returned 0x116c098 [0173.439] malloc (_Size=0x64) returned 0x1d04b8 [0173.439] free (_Block=0x1d04b8) [0173.439] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.440] GetTickCount () returned 0x116c098 [0173.440] malloc (_Size=0x64) returned 0x1d04b8 [0173.440] free (_Block=0x1d04b8) [0173.440] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.441] GetTickCount () returned 0x116c098 [0173.441] malloc (_Size=0x64) returned 0x1d04b8 [0173.441] free (_Block=0x1d04b8) [0173.441] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.442] GetTickCount () returned 0x116c098 [0173.442] malloc (_Size=0x64) returned 0x1d04b8 [0173.442] free (_Block=0x1d04b8) [0173.442] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.444] GetTickCount () returned 0x116c098 [0173.444] malloc (_Size=0x64) returned 0x1d04b8 [0173.444] free (_Block=0x1d04b8) [0173.444] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.445] GetTickCount () returned 0x116c098 [0173.445] malloc (_Size=0x64) returned 0x1d04b8 [0173.445] free (_Block=0x1d04b8) [0173.445] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.446] GetTickCount () returned 0x116c098 [0173.446] malloc (_Size=0x64) returned 0x1d04b8 [0173.446] free (_Block=0x1d04b8) [0173.446] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.448] GetTickCount () returned 0x116c098 [0173.448] malloc (_Size=0x64) returned 0x1d04b8 [0173.448] free (_Block=0x1d04b8) [0173.448] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.449] GetTickCount () returned 0x116c098 [0173.449] malloc (_Size=0x64) returned 0x1d04b8 [0173.449] free (_Block=0x1d04b8) [0173.449] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.451] GetTickCount () returned 0x116c0a8 [0173.451] malloc (_Size=0x64) returned 0x1d04b8 [0173.451] free (_Block=0x1d04b8) [0173.451] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.453] GetTickCount () returned 0x116c0a8 [0173.453] malloc (_Size=0x64) returned 0x1d04b8 [0173.453] free (_Block=0x1d04b8) [0173.453] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.455] GetTickCount () returned 0x116c0a8 [0173.455] malloc (_Size=0x64) returned 0x1d04b8 [0173.455] free (_Block=0x1d04b8) [0173.455] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.456] GetTickCount () returned 0x116c0a8 [0173.456] malloc (_Size=0x64) returned 0x1d04b8 [0173.456] free (_Block=0x1d04b8) [0173.456] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.457] GetTickCount () returned 0x116c0a8 [0173.457] malloc (_Size=0x64) returned 0x1d04b8 [0173.457] free (_Block=0x1d04b8) [0173.457] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.458] GetTickCount () returned 0x116c0a8 [0173.458] malloc (_Size=0x64) returned 0x1d04b8 [0173.459] free (_Block=0x1d04b8) [0173.459] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.460] GetTickCount () returned 0x116c0a8 [0173.460] malloc (_Size=0x64) returned 0x1d04b8 [0173.460] free (_Block=0x1d04b8) [0173.460] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.462] GetTickCount () returned 0x116c0a8 [0173.462] malloc (_Size=0x64) returned 0x1d04b8 [0173.462] free (_Block=0x1d04b8) [0173.462] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.464] GetTickCount () returned 0x116c0a8 [0173.464] malloc (_Size=0x64) returned 0x1d04b8 [0173.464] free (_Block=0x1d04b8) [0173.464] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.465] GetTickCount () returned 0x116c0a8 [0173.465] malloc (_Size=0x64) returned 0x1d04b8 [0173.466] free (_Block=0x1d04b8) [0173.466] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.468] GetTickCount () returned 0x116c0b7 [0173.468] malloc (_Size=0x64) returned 0x1d04b8 [0173.468] free (_Block=0x1d04b8) [0173.468] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.469] GetTickCount () returned 0x116c0b7 [0173.469] malloc (_Size=0x64) returned 0x1d04b8 [0173.470] free (_Block=0x1d04b8) [0173.470] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.471] GetTickCount () returned 0x116c0b7 [0173.471] malloc (_Size=0x64) returned 0x1d04b8 [0173.471] free (_Block=0x1d04b8) [0173.471] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.472] GetTickCount () returned 0x116c0b7 [0173.472] malloc (_Size=0x64) returned 0x1d04b8 [0173.472] free (_Block=0x1d04b8) [0173.472] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.473] GetTickCount () returned 0x116c0b7 [0173.473] malloc (_Size=0x64) returned 0x1d04b8 [0173.473] free (_Block=0x1d04b8) [0173.473] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.475] GetTickCount () returned 0x116c0b7 [0173.475] malloc (_Size=0x64) returned 0x1d04b8 [0173.475] free (_Block=0x1d04b8) [0173.475] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.486] GetTickCount () returned 0x116c0c7 [0173.487] malloc (_Size=0x64) returned 0x1d04b8 [0173.487] free (_Block=0x1d04b8) [0173.487] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.488] GetTickCount () returned 0x116c0c7 [0173.488] malloc (_Size=0x64) returned 0x1d04b8 [0173.488] free (_Block=0x1d04b8) [0173.488] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.489] GetTickCount () returned 0x116c0c7 [0173.489] malloc (_Size=0x64) returned 0x1d04b8 [0173.489] free (_Block=0x1d04b8) [0173.489] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.490] GetTickCount () returned 0x116c0c7 [0173.490] malloc (_Size=0x64) returned 0x1d04b8 [0173.490] free (_Block=0x1d04b8) [0173.491] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.492] GetTickCount () returned 0x116c0c7 [0173.492] malloc (_Size=0x64) returned 0x1d04b8 [0173.492] free (_Block=0x1d04b8) [0173.492] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.493] GetTickCount () returned 0x116c0c7 [0173.493] malloc (_Size=0x64) returned 0x1d04b8 [0173.493] free (_Block=0x1d04b8) [0173.493] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.494] GetTickCount () returned 0x116c0c7 [0173.494] malloc (_Size=0x64) returned 0x1d04b8 [0173.494] free (_Block=0x1d04b8) [0173.495] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.495] GetTickCount () returned 0x116c0c7 [0173.496] malloc (_Size=0x64) returned 0x1d04b8 [0173.496] free (_Block=0x1d04b8) [0173.496] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.497] GetTickCount () returned 0x116c0c7 [0173.497] malloc (_Size=0x64) returned 0x1d04b8 [0173.497] free (_Block=0x1d04b8) [0173.497] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.498] GetTickCount () returned 0x116c0d7 [0173.498] malloc (_Size=0x64) returned 0x1d04b8 [0173.498] free (_Block=0x1d04b8) [0173.498] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.499] GetTickCount () returned 0x116c0d7 [0173.499] malloc (_Size=0x64) returned 0x1d04b8 [0173.500] free (_Block=0x1d04b8) [0173.500] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.501] GetTickCount () returned 0x116c0d7 [0173.501] malloc (_Size=0x64) returned 0x1d04b8 [0173.501] free (_Block=0x1d04b8) [0173.501] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.502] GetTickCount () returned 0x116c0d7 [0173.502] malloc (_Size=0x64) returned 0x1d04b8 [0173.502] free (_Block=0x1d04b8) [0173.503] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.503] GetTickCount () returned 0x116c0d7 [0173.503] malloc (_Size=0x64) returned 0x1d04b8 [0173.504] free (_Block=0x1d04b8) [0173.504] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.505] GetTickCount () returned 0x116c0d7 [0173.505] malloc (_Size=0x64) returned 0x1d04b8 [0173.505] free (_Block=0x1d04b8) [0173.505] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.507] GetTickCount () returned 0x116c0d7 [0173.507] malloc (_Size=0x64) returned 0x1d04b8 [0173.507] free (_Block=0x1d04b8) [0173.507] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.508] GetTickCount () returned 0x116c0d7 [0173.508] malloc (_Size=0x64) returned 0x1d04b8 [0173.508] free (_Block=0x1d04b8) [0173.508] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.510] GetTickCount () returned 0x116c0d7 [0173.510] malloc (_Size=0x64) returned 0x1d04b8 [0173.510] free (_Block=0x1d04b8) [0173.510] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.511] GetTickCount () returned 0x116c0d7 [0173.511] malloc (_Size=0x64) returned 0x1d04b8 [0173.511] free (_Block=0x1d04b8) [0173.511] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.513] GetTickCount () returned 0x116c0d7 [0173.513] malloc (_Size=0x64) returned 0x1d04b8 [0173.513] free (_Block=0x1d04b8) [0173.513] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.514] GetTickCount () returned 0x116c0e6 [0173.514] malloc (_Size=0x64) returned 0x1d04b8 [0173.514] free (_Block=0x1d04b8) [0173.514] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.515] GetTickCount () returned 0x116c0e6 [0173.515] malloc (_Size=0x64) returned 0x1d04b8 [0173.515] free (_Block=0x1d04b8) [0173.515] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.516] GetTickCount () returned 0x116c0e6 [0173.517] malloc (_Size=0x64) returned 0x1d04b8 [0173.517] free (_Block=0x1d04b8) [0173.517] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.518] GetTickCount () returned 0x116c0e6 [0173.518] malloc (_Size=0x64) returned 0x1d04b8 [0173.518] free (_Block=0x1d04b8) [0173.518] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.519] GetTickCount () returned 0x116c0e6 [0173.519] malloc (_Size=0x64) returned 0x1d04b8 [0173.519] free (_Block=0x1d04b8) [0173.519] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.521] GetTickCount () returned 0x116c0e6 [0173.521] malloc (_Size=0x64) returned 0x1d04b8 [0173.522] free (_Block=0x1d04b8) [0173.522] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.523] GetTickCount () returned 0x116c0e6 [0173.523] malloc (_Size=0x64) returned 0x1d04b8 [0173.523] free (_Block=0x1d04b8) [0173.523] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.524] GetTickCount () returned 0x116c0e6 [0173.524] malloc (_Size=0x64) returned 0x1d04b8 [0173.524] free (_Block=0x1d04b8) [0173.524] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.525] GetTickCount () returned 0x116c0e6 [0173.525] malloc (_Size=0x64) returned 0x1d04b8 [0173.525] free (_Block=0x1d04b8) [0173.525] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.526] GetTickCount () returned 0x116c0e6 [0173.526] malloc (_Size=0x64) returned 0x1d04b8 [0173.527] free (_Block=0x1d04b8) [0173.527] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.528] GetTickCount () returned 0x116c0e6 [0173.528] malloc (_Size=0x64) returned 0x1d04b8 [0173.528] free (_Block=0x1d04b8) [0173.528] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.533] GetTickCount () returned 0x116c0f6 [0173.533] malloc (_Size=0x64) returned 0x1d04b8 [0173.533] free (_Block=0x1d04b8) [0173.533] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.534] GetTickCount () returned 0x116c0f6 [0173.535] malloc (_Size=0x64) returned 0x1d04b8 [0173.535] free (_Block=0x1d04b8) [0173.535] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.536] GetTickCount () returned 0x116c0f6 [0173.536] malloc (_Size=0x64) returned 0x1d04b8 [0173.536] free (_Block=0x1d04b8) [0173.536] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.537] GetTickCount () returned 0x116c0f6 [0173.537] malloc (_Size=0x64) returned 0x1d04b8 [0173.537] free (_Block=0x1d04b8) [0173.537] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.538] GetTickCount () returned 0x116c0f6 [0173.538] malloc (_Size=0x64) returned 0x1d04b8 [0173.538] free (_Block=0x1d04b8) [0173.538] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.540] GetTickCount () returned 0x116c0f6 [0173.540] malloc (_Size=0x64) returned 0x1d04b8 [0173.540] free (_Block=0x1d04b8) [0173.540] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.541] GetTickCount () returned 0x116c0f6 [0173.541] malloc (_Size=0x64) returned 0x1d04b8 [0173.541] free (_Block=0x1d04b8) [0173.541] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.543] GetTickCount () returned 0x116c0f6 [0173.543] malloc (_Size=0x64) returned 0x1d04b8 [0173.543] free (_Block=0x1d04b8) [0173.543] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.544] GetTickCount () returned 0x116c0f6 [0173.544] malloc (_Size=0x64) returned 0x1d04b8 [0173.544] free (_Block=0x1d04b8) [0173.544] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.546] GetTickCount () returned 0x116c105 [0173.546] malloc (_Size=0x64) returned 0x1d04b8 [0173.546] free (_Block=0x1d04b8) [0173.546] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.548] GetTickCount () returned 0x116c105 [0173.548] malloc (_Size=0x64) returned 0x1d04b8 [0173.548] free (_Block=0x1d04b8) [0173.548] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.549] GetTickCount () returned 0x116c105 [0173.549] malloc (_Size=0x64) returned 0x1d04b8 [0173.549] free (_Block=0x1d04b8) [0173.549] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.550] GetTickCount () returned 0x116c105 [0173.550] malloc (_Size=0x64) returned 0x1d04b8 [0173.550] free (_Block=0x1d04b8) [0173.550] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.552] GetTickCount () returned 0x116c105 [0173.552] malloc (_Size=0x64) returned 0x1d04b8 [0173.552] free (_Block=0x1d04b8) [0173.552] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.554] GetTickCount () returned 0x116c105 [0173.554] malloc (_Size=0x64) returned 0x1d04b8 [0173.554] free (_Block=0x1d04b8) [0173.554] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.556] GetTickCount () returned 0x116c105 [0173.556] malloc (_Size=0x64) returned 0x1d04b8 [0173.556] free (_Block=0x1d04b8) [0173.556] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.558] GetTickCount () returned 0x116c105 [0173.558] malloc (_Size=0x64) returned 0x1d04b8 [0173.558] free (_Block=0x1d04b8) [0173.558] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.559] GetTickCount () returned 0x116c105 [0173.559] malloc (_Size=0x64) returned 0x1d04b8 [0173.559] free (_Block=0x1d04b8) [0173.559] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.562] GetTickCount () returned 0x116c115 [0173.562] malloc (_Size=0x64) returned 0x1d04b8 [0173.562] free (_Block=0x1d04b8) [0173.562] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.564] GetTickCount () returned 0x116c115 [0173.564] malloc (_Size=0x64) returned 0x1d04b8 [0173.564] free (_Block=0x1d04b8) [0173.564] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.565] GetTickCount () returned 0x116c115 [0173.565] malloc (_Size=0x64) returned 0x1d04b8 [0173.565] free (_Block=0x1d04b8) [0173.565] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.567] GetTickCount () returned 0x116c115 [0173.567] malloc (_Size=0x64) returned 0x1d04b8 [0173.567] free (_Block=0x1d04b8) [0173.567] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.568] GetTickCount () returned 0x116c115 [0173.568] malloc (_Size=0x64) returned 0x1d04b8 [0173.568] free (_Block=0x1d04b8) [0173.568] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.570] GetTickCount () returned 0x116c115 [0173.570] malloc (_Size=0x64) returned 0x1d04b8 [0173.570] free (_Block=0x1d04b8) [0173.570] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.626] GetTickCount () returned 0x116c154 [0173.626] malloc (_Size=0x64) returned 0x1d04b8 [0173.627] free (_Block=0x1d04b8) [0173.627] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.628] GetTickCount () returned 0x116c154 [0173.628] malloc (_Size=0x64) returned 0x1d04b8 [0173.628] free (_Block=0x1d04b8) [0173.629] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.630] GetTickCount () returned 0x116c154 [0173.630] malloc (_Size=0x64) returned 0x1d04b8 [0173.630] free (_Block=0x1d04b8) [0173.631] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.632] GetTickCount () returned 0x116c154 [0173.632] malloc (_Size=0x64) returned 0x1d04b8 [0173.633] free (_Block=0x1d04b8) [0173.633] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.634] GetTickCount () returned 0x116c154 [0173.634] malloc (_Size=0x64) returned 0x1d04b8 [0173.634] free (_Block=0x1d04b8) [0173.634] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.636] GetTickCount () returned 0x116c154 [0173.636] malloc (_Size=0x64) returned 0x1d04b8 [0173.636] free (_Block=0x1d04b8) [0173.636] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.637] GetTickCount () returned 0x116c154 [0173.637] malloc (_Size=0x64) returned 0x1d04b8 [0173.637] free (_Block=0x1d04b8) [0173.637] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.639] GetTickCount () returned 0x116c163 [0173.639] malloc (_Size=0x64) returned 0x1d04b8 [0173.639] free (_Block=0x1d04b8) [0173.639] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.640] GetTickCount () returned 0x116c163 [0173.640] malloc (_Size=0x64) returned 0x1d04b8 [0173.640] free (_Block=0x1d04b8) [0173.640] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.641] GetTickCount () returned 0x116c163 [0173.641] malloc (_Size=0x64) returned 0x1d04b8 [0173.641] free (_Block=0x1d04b8) [0173.642] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.643] GetTickCount () returned 0x116c163 [0173.643] malloc (_Size=0x64) returned 0x1d04b8 [0173.643] free (_Block=0x1d04b8) [0173.643] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.644] GetTickCount () returned 0x116c163 [0173.644] malloc (_Size=0x64) returned 0x1d04b8 [0173.644] free (_Block=0x1d04b8) [0173.644] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.645] GetTickCount () returned 0x116c163 [0173.645] malloc (_Size=0x64) returned 0x1d04b8 [0173.645] free (_Block=0x1d04b8) [0173.645] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.646] GetTickCount () returned 0x116c163 [0173.646] malloc (_Size=0x64) returned 0x1d04b8 [0173.646] free (_Block=0x1d04b8) [0173.646] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.647] GetTickCount () returned 0x116c163 [0173.647] malloc (_Size=0x64) returned 0x1d04b8 [0173.648] free (_Block=0x1d04b8) [0173.648] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.649] GetTickCount () returned 0x116c163 [0173.649] malloc (_Size=0x64) returned 0x1d04b8 [0173.649] free (_Block=0x1d04b8) [0173.649] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.650] GetTickCount () returned 0x116c163 [0173.650] malloc (_Size=0x64) returned 0x1d04b8 [0173.650] free (_Block=0x1d04b8) [0173.650] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.651] GetTickCount () returned 0x116c163 [0173.651] malloc (_Size=0x64) returned 0x1d04b8 [0173.651] free (_Block=0x1d04b8) [0173.651] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.652] GetTickCount () returned 0x116c163 [0173.652] malloc (_Size=0x64) returned 0x1d04b8 [0173.652] free (_Block=0x1d04b8) [0173.652] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.653] GetTickCount () returned 0x116c163 [0173.653] malloc (_Size=0x64) returned 0x1d04b8 [0173.653] free (_Block=0x1d04b8) [0173.653] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.654] GetTickCount () returned 0x116c163 [0173.654] malloc (_Size=0x64) returned 0x1d04b8 [0173.654] free (_Block=0x1d04b8) [0173.654] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.655] GetTickCount () returned 0x116c173 [0173.655] malloc (_Size=0x64) returned 0x1d04b8 [0173.655] free (_Block=0x1d04b8) [0173.655] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.656] GetTickCount () returned 0x116c173 [0173.656] malloc (_Size=0x64) returned 0x1d04b8 [0173.656] free (_Block=0x1d04b8) [0173.656] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.657] GetTickCount () returned 0x116c173 [0173.657] malloc (_Size=0x64) returned 0x1d04b8 [0173.658] free (_Block=0x1d04b8) [0173.658] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.659] GetTickCount () returned 0x116c173 [0173.659] malloc (_Size=0x64) returned 0x1d04b8 [0173.659] free (_Block=0x1d04b8) [0173.659] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.661] GetTickCount () returned 0x116c173 [0173.661] malloc (_Size=0x64) returned 0x1d04b8 [0173.661] free (_Block=0x1d04b8) [0173.661] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.663] GetTickCount () returned 0x116c173 [0173.663] malloc (_Size=0x64) returned 0x1d04b8 [0173.663] free (_Block=0x1d04b8) [0173.663] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.664] GetTickCount () returned 0x116c173 [0173.664] malloc (_Size=0x64) returned 0x1d04b8 [0173.665] free (_Block=0x1d04b8) [0173.665] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.666] GetTickCount () returned 0x116c173 [0173.667] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.669] GetTickCount () returned 0x116c173 [0173.669] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.689] GetTickCount () returned 0x116c192 [0173.689] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.691] GetTickCount () returned 0x116c192 [0173.691] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.693] GetTickCount () returned 0x116c192 [0173.693] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.694] GetTickCount () returned 0x116c192 [0173.694] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.696] GetTickCount () returned 0x116c192 [0173.696] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.697] GetTickCount () returned 0x116c192 [0173.698] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.699] GetTickCount () returned 0x116c192 [0173.699] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.701] GetTickCount () returned 0x116c1a2 [0173.701] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.703] GetTickCount () returned 0x116c1a2 [0173.703] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.705] GetTickCount () returned 0x116c1a2 [0173.705] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.707] GetTickCount () returned 0x116c1a2 [0173.707] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.708] GetTickCount () returned 0x116c1a2 [0173.708] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.710] GetTickCount () returned 0x116c1a2 [0173.710] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.711] GetTickCount () returned 0x116c1a2 [0173.711] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.713] GetTickCount () returned 0x116c1a2 [0173.713] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.714] GetTickCount () returned 0x116c1a2 [0173.714] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.716] GetTickCount () returned 0x116c1a2 [0173.716] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.718] GetTickCount () returned 0x116c1b1 [0173.718] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.720] GetTickCount () returned 0x116c1b1 [0173.720] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.721] GetTickCount () returned 0x116c1b1 [0173.721] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.723] GetTickCount () returned 0x116c1b1 [0173.723] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.724] GetTickCount () returned 0x116c1b1 [0173.724] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.726] GetTickCount () returned 0x116c1b1 [0173.726] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.727] GetTickCount () returned 0x116c1b1 [0173.727] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.728] GetTickCount () returned 0x116c1b1 [0173.728] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.730] GetTickCount () returned 0x116c1b1 [0173.730] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.776] GetTickCount () returned 0x116c1e0 [0173.776] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.777] GetTickCount () returned 0x116c1e0 [0173.777] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.780] GetTickCount () returned 0x116c1f0 [0173.780] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.782] GetTickCount () returned 0x116c1f0 [0173.782] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.783] GetTickCount () returned 0x116c1f0 [0173.783] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.784] GetTickCount () returned 0x116c1f0 [0173.785] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.786] GetTickCount () returned 0x116c1f0 [0173.786] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.788] GetTickCount () returned 0x116c1f0 [0173.788] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.791] GetTickCount () returned 0x116c1f0 [0173.791] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.792] GetTickCount () returned 0x116c1f0 [0173.792] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.794] GetTickCount () returned 0x116c1f0 [0173.794] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.796] GetTickCount () returned 0x116c1ff [0173.796] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.798] GetTickCount () returned 0x116c1ff [0173.798] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.800] GetTickCount () returned 0x116c1ff [0173.800] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.802] GetTickCount () returned 0x116c1ff [0173.802] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.804] GetTickCount () returned 0x116c1ff [0173.804] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.805] GetTickCount () returned 0x116c1ff [0173.805] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.807] GetTickCount () returned 0x116c1ff [0173.807] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.809] GetTickCount () returned 0x116c1ff [0173.809] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.829] GetTickCount () returned 0x116c21f [0173.829] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.830] GetTickCount () returned 0x116c21f [0173.831] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.832] GetTickCount () returned 0x116c21f [0173.832] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.833] GetTickCount () returned 0x116c21f [0173.833] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.834] GetTickCount () returned 0x116c21f [0173.834] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.835] GetTickCount () returned 0x116c21f [0173.835] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.836] GetTickCount () returned 0x116c21f [0173.836] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.837] GetTickCount () returned 0x116c21f [0173.837] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.838] GetTickCount () returned 0x116c21f [0173.838] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.839] GetTickCount () returned 0x116c21f [0173.839] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.841] GetTickCount () returned 0x116c21f [0173.841] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.843] GetTickCount () returned 0x116c22e [0173.843] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.844] GetTickCount () returned 0x116c22e [0173.844] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.846] GetTickCount () returned 0x116c22e [0173.846] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.847] GetTickCount () returned 0x116c22e [0173.847] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.849] GetTickCount () returned 0x116c22e [0173.849] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.851] GetTickCount () returned 0x116c22e [0173.851] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.852] GetTickCount () returned 0x116c22e [0173.853] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.854] GetTickCount () returned 0x116c22e [0173.854] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.856] GetTickCount () returned 0x116c22e [0173.856] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.858] GetTickCount () returned 0x116c23e [0173.858] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.860] GetTickCount () returned 0x116c23e [0173.860] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.861] GetTickCount () returned 0x116c23e [0173.861] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.863] GetTickCount () returned 0x116c23e [0173.863] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.883] GetTickCount () returned 0x116c24e [0173.883] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.885] GetTickCount () returned 0x116c24e [0173.885] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.886] GetTickCount () returned 0x116c24e [0173.886] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.888] GetTickCount () returned 0x116c24e [0173.888] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.893] GetTickCount () returned 0x116c25d [0173.893] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.894] GetTickCount () returned 0x116c25d [0173.895] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.895] GetTickCount () returned 0x116c25d [0173.896] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.897] GetTickCount () returned 0x116c25d [0173.897] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.898] GetTickCount () returned 0x116c25d [0173.898] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.900] GetTickCount () returned 0x116c25d [0173.900] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.902] GetTickCount () returned 0x116c25d [0173.902] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.903] GetTickCount () returned 0x116c25d [0173.903] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.907] GetTickCount () returned 0x116c26d [0173.907] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.908] GetTickCount () returned 0x116c26d [0173.908] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.910] GetTickCount () returned 0x116c26d [0173.910] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.912] GetTickCount () returned 0x116c26d [0173.912] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.913] GetTickCount () returned 0x116c26d [0173.913] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.916] GetTickCount () returned 0x116c26d [0173.916] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.918] GetTickCount () returned 0x116c26d [0173.918] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.919] GetTickCount () returned 0x116c26d [0173.919] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.921] GetTickCount () returned 0x116c27c [0173.921] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.922] GetTickCount () returned 0x116c27c [0173.922] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.923] GetTickCount () returned 0x116c27c [0173.923] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.924] GetTickCount () returned 0x116c27c [0173.924] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.926] GetTickCount () returned 0x116c27c [0173.926] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.927] GetTickCount () returned 0x116c27c [0173.928] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.931] GetTickCount () returned 0x116c27c [0173.931] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.932] GetTickCount () returned 0x116c27c [0173.933] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.934] GetTickCount () returned 0x116c27c [0173.934] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.935] GetTickCount () returned 0x116c27c [0173.935] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.937] GetTickCount () returned 0x116c28c [0173.937] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.939] GetTickCount () returned 0x116c28c [0173.939] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.940] GetTickCount () returned 0x116c28c [0173.940] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.942] GetTickCount () returned 0x116c28c [0173.942] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.944] GetTickCount () returned 0x116c28c [0173.944] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.945] GetTickCount () returned 0x116c28c [0173.945] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.946] GetTickCount () returned 0x116c28c [0173.946] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.948] GetTickCount () returned 0x116c28c [0173.948] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.949] GetTickCount () returned 0x116c28c [0173.949] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.951] GetTickCount () returned 0x116c28c [0173.951] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.953] GetTickCount () returned 0x116c29c [0173.953] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.954] GetTickCount () returned 0x116c29c [0173.954] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.956] GetTickCount () returned 0x116c29c [0173.956] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.963] GetTickCount () returned 0x116c29c [0173.964] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.965] GetTickCount () returned 0x116c29c [0173.965] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.967] GetTickCount () returned 0x116c2ab [0173.967] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.969] GetTickCount () returned 0x116c2ab [0173.969] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.970] GetTickCount () returned 0x116c2ab [0173.970] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.971] GetTickCount () returned 0x116c2ab [0173.971] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.973] GetTickCount () returned 0x116c2ab [0173.973] Thread32Next (hSnapshot=0x404, lpte=0x19f7dc) returned 1 [0173.974] GetTickCount () returned 0x116c2ab [0174.120] CloseHandle (hObject=0x404) returned 1 [0174.121] FreeLibrary (hLibModule=0x772d0000) returned 1 [0174.121] QueryPerformanceCounter (in: lpPerformanceCount=0x19f7a0 | out: lpPerformanceCount=0x19f7a0*=26902686209) returned 1 [0174.121] GlobalMemoryStatus (in: lpBuffer=0x19f7bc | out: lpBuffer=0x19f7bc) [0174.121] malloc (_Size=0x64) returned 0x1d04b8 [0174.121] free (_Block=0x1d04b8) [0174.121] GetCurrentProcessId () returned 0x1134 [0174.121] malloc (_Size=0x64) returned 0x1d04b8 [0174.122] free (_Block=0x1d04b8) [0174.122] GetVersion () returned 0x23f00206 [0174.122] GetDesktopWindow () returned 0x10010 [0174.122] GetProcessWindowStation () returned 0x130 [0174.122] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x0, nLength=0x0, lpnLengthNeeded=0x19fb70 | out: pvInfo=0x0, lpnLengthNeeded=0x19fb70) returned 0 [0174.122] GetLastError () returned 0x7a [0174.122] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x19fb50, nLength=0x10, lpnLengthNeeded=0x19fb70 | out: pvInfo=0x19fb50, lpnLengthNeeded=0x19fb70) returned 1 [0174.122] wcsstr (_Str="WinSta0", _SubStr="Service-0x") returned 0x0 [0174.123] CreateDCA (pwszDriver="DISPLAY", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x60100ce [0174.131] CreateCompatibleDC (hdc=0x60100ce) returned 0x39010783 [0174.131] GetDeviceCaps (hdc=0x60100ce, index=8) returned 1440 [0174.131] GetDeviceCaps (hdc=0x60100ce, index=10) returned 900 [0174.131] CreateCompatibleBitmap (hdc=0x60100ce, cx=1440, cy=16) returned 0x80507f4 [0174.134] SelectObject (hdc=0x39010783, h=0x80507f4) returned 0x85000f [0174.134] GetObjectA (in: h=0x80507f4, c=24, pv=0x19fbd0 | out: pv=0x19fbd0) returned 24 [0174.134] malloc (_Size=0x16800) returned 0x31d0048 [0174.136] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=0, rop=0xcc0020) returned 1 [0174.167] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.169] malloc (_Size=0x64) returned 0x1d04b8 [0174.171] free (_Block=0x1d04b8) [0174.171] malloc (_Size=0x64) returned 0x1d04b8 [0174.171] free (_Block=0x1d04b8) [0174.171] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=16, rop=0xcc0020) returned 1 [0174.206] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.207] malloc (_Size=0x64) returned 0x1d04b8 [0174.208] free (_Block=0x1d04b8) [0174.208] malloc (_Size=0x64) returned 0x1d04b8 [0174.208] free (_Block=0x1d04b8) [0174.208] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=32, rop=0xcc0020) returned 1 [0174.226] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.226] malloc (_Size=0x64) returned 0x1d04b8 [0174.226] free (_Block=0x1d04b8) [0174.226] malloc (_Size=0x64) returned 0x1d04b8 [0174.226] free (_Block=0x1d04b8) [0174.227] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=48, rop=0xcc0020) returned 1 [0174.246] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.246] malloc (_Size=0x64) returned 0x1d04b8 [0174.246] free (_Block=0x1d04b8) [0174.246] malloc (_Size=0x64) returned 0x1d04b8 [0174.246] free (_Block=0x1d04b8) [0174.246] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=64, rop=0xcc0020) returned 1 [0174.260] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.260] malloc (_Size=0x64) returned 0x1d04b8 [0174.260] free (_Block=0x1d04b8) [0174.260] malloc (_Size=0x64) returned 0x1d04b8 [0174.260] free (_Block=0x1d04b8) [0174.261] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=80, rop=0xcc0020) returned 1 [0174.290] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.290] malloc (_Size=0x64) returned 0x1d04b8 [0174.290] free (_Block=0x1d04b8) [0174.290] malloc (_Size=0x64) returned 0x1d04b8 [0174.290] free (_Block=0x1d04b8) [0174.291] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=96, rop=0xcc0020) returned 1 [0174.304] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.304] malloc (_Size=0x64) returned 0x1d04b8 [0174.305] free (_Block=0x1d04b8) [0174.305] malloc (_Size=0x64) returned 0x1d04b8 [0174.305] free (_Block=0x1d04b8) [0174.305] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=112, rop=0xcc0020) returned 1 [0174.336] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.336] malloc (_Size=0x64) returned 0x1d04b8 [0174.336] free (_Block=0x1d04b8) [0174.336] malloc (_Size=0x64) returned 0x1d04b8 [0174.337] free (_Block=0x1d04b8) [0174.337] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=128, rop=0xcc0020) returned 1 [0174.353] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.353] malloc (_Size=0x64) returned 0x1d04b8 [0174.353] free (_Block=0x1d04b8) [0174.353] malloc (_Size=0x64) returned 0x1d04b8 [0174.354] free (_Block=0x1d04b8) [0174.354] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=144, rop=0xcc0020) returned 1 [0174.382] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.382] malloc (_Size=0x64) returned 0x1d04b8 [0174.383] free (_Block=0x1d04b8) [0174.383] malloc (_Size=0x64) returned 0x1d04b8 [0174.383] free (_Block=0x1d04b8) [0174.383] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=160, rop=0xcc0020) returned 1 [0174.413] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.413] malloc (_Size=0x64) returned 0x1d04b8 [0174.413] free (_Block=0x1d04b8) [0174.413] malloc (_Size=0x64) returned 0x1d04b8 [0174.413] free (_Block=0x1d04b8) [0174.413] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=176, rop=0xcc0020) returned 1 [0174.458] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.458] malloc (_Size=0x64) returned 0x1d04b8 [0174.458] free (_Block=0x1d04b8) [0174.458] malloc (_Size=0x64) returned 0x1d04b8 [0174.458] free (_Block=0x1d04b8) [0174.458] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=192, rop=0xcc0020) returned 1 [0174.489] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.489] malloc (_Size=0x64) returned 0x1d04b8 [0174.489] free (_Block=0x1d04b8) [0174.489] malloc (_Size=0x64) returned 0x1d04b8 [0174.489] free (_Block=0x1d04b8) [0174.489] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=208, rop=0xcc0020) returned 1 [0174.564] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.565] malloc (_Size=0x64) returned 0x1d04b8 [0174.565] free (_Block=0x1d04b8) [0174.565] malloc (_Size=0x64) returned 0x1d04b8 [0174.565] free (_Block=0x1d04b8) [0174.565] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=224, rop=0xcc0020) returned 1 [0174.612] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.612] malloc (_Size=0x64) returned 0x1d04b8 [0174.613] free (_Block=0x1d04b8) [0174.613] malloc (_Size=0x64) returned 0x1d04b8 [0174.613] free (_Block=0x1d04b8) [0174.613] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=240, rop=0xcc0020) returned 1 [0174.632] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.632] malloc (_Size=0x64) returned 0x1d04b8 [0174.633] free (_Block=0x1d04b8) [0174.633] malloc (_Size=0x64) returned 0x1d04b8 [0174.633] free (_Block=0x1d04b8) [0174.633] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=256, rop=0xcc0020) returned 1 [0174.663] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.663] malloc (_Size=0x64) returned 0x1d04b8 [0174.663] free (_Block=0x1d04b8) [0174.663] malloc (_Size=0x64) returned 0x1d04b8 [0174.664] free (_Block=0x1d04b8) [0174.664] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=272, rop=0xcc0020) returned 1 [0174.679] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.679] malloc (_Size=0x64) returned 0x1d04b8 [0174.680] free (_Block=0x1d04b8) [0174.680] malloc (_Size=0x64) returned 0x1d04b8 [0174.680] free (_Block=0x1d04b8) [0174.680] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=288, rop=0xcc0020) returned 1 [0174.712] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.712] malloc (_Size=0x64) returned 0x1d04b8 [0174.712] free (_Block=0x1d04b8) [0174.712] malloc (_Size=0x64) returned 0x1d04b8 [0174.712] free (_Block=0x1d04b8) [0174.712] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=304, rop=0xcc0020) returned 1 [0174.727] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.727] malloc (_Size=0x64) returned 0x1d04b8 [0174.727] free (_Block=0x1d04b8) [0174.727] malloc (_Size=0x64) returned 0x1d04b8 [0174.727] free (_Block=0x1d04b8) [0174.727] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=320, rop=0xcc0020) returned 1 [0174.758] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.758] malloc (_Size=0x64) returned 0x1d04b8 [0174.758] free (_Block=0x1d04b8) [0174.758] malloc (_Size=0x64) returned 0x1d04b8 [0174.758] free (_Block=0x1d04b8) [0174.758] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=336, rop=0xcc0020) returned 1 [0174.776] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.776] malloc (_Size=0x64) returned 0x1d04b8 [0174.776] free (_Block=0x1d04b8) [0174.776] malloc (_Size=0x64) returned 0x1d04b8 [0174.776] free (_Block=0x1d04b8) [0174.776] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=352, rop=0xcc0020) returned 1 [0174.788] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.788] malloc (_Size=0x64) returned 0x1d04b8 [0174.789] free (_Block=0x1d04b8) [0174.789] malloc (_Size=0x64) returned 0x1d04b8 [0174.789] free (_Block=0x1d04b8) [0174.789] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=368, rop=0xcc0020) returned 1 [0174.804] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.804] malloc (_Size=0x64) returned 0x1d04b8 [0174.805] free (_Block=0x1d04b8) [0174.805] malloc (_Size=0x64) returned 0x1d04b8 [0174.805] free (_Block=0x1d04b8) [0174.805] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=384, rop=0xcc0020) returned 1 [0174.839] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.839] malloc (_Size=0x64) returned 0x1d04b8 [0174.839] free (_Block=0x1d04b8) [0174.839] malloc (_Size=0x64) returned 0x1d04b8 [0174.839] free (_Block=0x1d04b8) [0174.839] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=400, rop=0xcc0020) returned 1 [0174.913] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.913] malloc (_Size=0x64) returned 0x1d04b8 [0174.914] free (_Block=0x1d04b8) [0174.914] malloc (_Size=0x64) returned 0x1d04b8 [0174.914] free (_Block=0x1d04b8) [0174.914] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=416, rop=0xcc0020) returned 1 [0174.942] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.942] malloc (_Size=0x64) returned 0x1d04b8 [0174.942] free (_Block=0x1d04b8) [0174.942] malloc (_Size=0x64) returned 0x1d04b8 [0174.942] free (_Block=0x1d04b8) [0174.942] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=432, rop=0xcc0020) returned 1 [0174.974] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0174.974] malloc (_Size=0x64) returned 0x1d04b8 [0174.975] free (_Block=0x1d04b8) [0174.975] malloc (_Size=0x64) returned 0x1d04b8 [0174.975] free (_Block=0x1d04b8) [0174.975] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=448, rop=0xcc0020) returned 1 [0175.007] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.007] malloc (_Size=0x64) returned 0x1d04b8 [0175.007] free (_Block=0x1d04b8) [0175.007] malloc (_Size=0x64) returned 0x1d04b8 [0175.007] free (_Block=0x1d04b8) [0175.007] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=464, rop=0xcc0020) returned 1 [0175.159] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.160] malloc (_Size=0x64) returned 0x1d04b8 [0175.160] free (_Block=0x1d04b8) [0175.160] malloc (_Size=0x64) returned 0x1d04b8 [0175.160] free (_Block=0x1d04b8) [0175.160] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=480, rop=0xcc0020) returned 1 [0175.194] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.195] malloc (_Size=0x64) returned 0x1d04b8 [0175.195] free (_Block=0x1d04b8) [0175.195] malloc (_Size=0x64) returned 0x1d04b8 [0175.195] free (_Block=0x1d04b8) [0175.195] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=496, rop=0xcc0020) returned 1 [0175.229] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.229] malloc (_Size=0x64) returned 0x1d04b8 [0175.230] free (_Block=0x1d04b8) [0175.230] malloc (_Size=0x64) returned 0x1d04b8 [0175.230] free (_Block=0x1d04b8) [0175.230] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=512, rop=0xcc0020) returned 1 [0175.257] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.257] malloc (_Size=0x64) returned 0x1d04b8 [0175.258] free (_Block=0x1d04b8) [0175.258] malloc (_Size=0x64) returned 0x1d04b8 [0175.258] free (_Block=0x1d04b8) [0175.258] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=528, rop=0xcc0020) returned 1 [0175.273] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.273] malloc (_Size=0x64) returned 0x1d04b8 [0175.273] free (_Block=0x1d04b8) [0175.273] malloc (_Size=0x64) returned 0x1d04b8 [0175.273] free (_Block=0x1d04b8) [0175.274] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=544, rop=0xcc0020) returned 1 [0175.586] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.586] malloc (_Size=0x64) returned 0x1d04b8 [0175.586] free (_Block=0x1d04b8) [0175.586] malloc (_Size=0x64) returned 0x1d04b8 [0175.586] free (_Block=0x1d04b8) [0175.586] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=560, rop=0xcc0020) returned 1 [0175.597] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.597] malloc (_Size=0x64) returned 0x1d04b8 [0175.597] free (_Block=0x1d04b8) [0175.597] malloc (_Size=0x64) returned 0x1d04b8 [0175.597] free (_Block=0x1d04b8) [0175.597] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=576, rop=0xcc0020) returned 1 [0175.612] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.612] malloc (_Size=0x64) returned 0x1d04b8 [0175.612] free (_Block=0x1d04b8) [0175.612] malloc (_Size=0x64) returned 0x1d04b8 [0175.612] free (_Block=0x1d04b8) [0175.613] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=592, rop=0xcc0020) returned 1 [0175.627] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.627] malloc (_Size=0x64) returned 0x1d04b8 [0175.628] free (_Block=0x1d04b8) [0175.628] malloc (_Size=0x64) returned 0x1d04b8 [0175.628] free (_Block=0x1d04b8) [0175.628] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=608, rop=0xcc0020) returned 1 [0175.645] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.645] malloc (_Size=0x64) returned 0x1d04b8 [0175.646] free (_Block=0x1d04b8) [0175.646] malloc (_Size=0x64) returned 0x1d04b8 [0175.646] free (_Block=0x1d04b8) [0175.646] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=624, rop=0xcc0020) returned 1 [0175.660] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.660] malloc (_Size=0x64) returned 0x1d04b8 [0175.661] free (_Block=0x1d04b8) [0175.661] malloc (_Size=0x64) returned 0x1d04b8 [0175.661] free (_Block=0x1d04b8) [0175.661] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=640, rop=0xcc0020) returned 1 [0175.692] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.692] malloc (_Size=0x64) returned 0x1d04b8 [0175.692] free (_Block=0x1d04b8) [0175.692] malloc (_Size=0x64) returned 0x1d04b8 [0175.692] free (_Block=0x1d04b8) [0175.692] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=656, rop=0xcc0020) returned 1 [0175.723] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.723] malloc (_Size=0x64) returned 0x1d04b8 [0175.724] free (_Block=0x1d04b8) [0175.724] malloc (_Size=0x64) returned 0x1d04b8 [0175.724] free (_Block=0x1d04b8) [0175.724] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=672, rop=0xcc0020) returned 1 [0175.768] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.769] malloc (_Size=0x64) returned 0x1d04b8 [0175.769] free (_Block=0x1d04b8) [0175.769] malloc (_Size=0x64) returned 0x1d04b8 [0175.769] free (_Block=0x1d04b8) [0175.769] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=688, rop=0xcc0020) returned 1 [0175.785] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.786] malloc (_Size=0x64) returned 0x1d04b8 [0175.786] free (_Block=0x1d04b8) [0175.786] malloc (_Size=0x64) returned 0x1d04b8 [0175.786] free (_Block=0x1d04b8) [0175.786] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=704, rop=0xcc0020) returned 1 [0175.800] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.800] malloc (_Size=0x64) returned 0x1d04b8 [0175.801] free (_Block=0x1d04b8) [0175.801] malloc (_Size=0x64) returned 0x1d04b8 [0175.801] free (_Block=0x1d04b8) [0175.801] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=720, rop=0xcc0020) returned 1 [0175.880] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.880] malloc (_Size=0x64) returned 0x1d04b8 [0175.881] free (_Block=0x1d04b8) [0175.881] malloc (_Size=0x64) returned 0x1d04b8 [0175.881] free (_Block=0x1d04b8) [0175.881] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=736, rop=0xcc0020) returned 1 [0175.893] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.893] malloc (_Size=0x64) returned 0x1d04b8 [0175.893] free (_Block=0x1d04b8) [0175.893] malloc (_Size=0x64) returned 0x1d04b8 [0175.893] free (_Block=0x1d04b8) [0175.893] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=752, rop=0xcc0020) returned 1 [0175.925] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.926] malloc (_Size=0x64) returned 0x1d04b8 [0175.926] free (_Block=0x1d04b8) [0175.926] malloc (_Size=0x64) returned 0x1d04b8 [0175.926] free (_Block=0x1d04b8) [0175.926] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=768, rop=0xcc0020) returned 1 [0175.959] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.959] malloc (_Size=0x64) returned 0x1d04b8 [0175.959] free (_Block=0x1d04b8) [0175.959] malloc (_Size=0x64) returned 0x1d04b8 [0175.959] free (_Block=0x1d04b8) [0175.959] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=784, rop=0xcc0020) returned 1 [0175.986] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0175.986] malloc (_Size=0x64) returned 0x1d04b8 [0175.986] free (_Block=0x1d04b8) [0175.986] malloc (_Size=0x64) returned 0x1d04b8 [0175.986] free (_Block=0x1d04b8) [0175.986] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=800, rop=0xcc0020) returned 1 [0176.104] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.104] malloc (_Size=0x64) returned 0x1d04b8 [0176.106] free (_Block=0x1d04b8) [0176.106] malloc (_Size=0x64) returned 0x1d04b8 [0176.106] free (_Block=0x1d04b8) [0176.106] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=816, rop=0xcc0020) returned 1 [0176.143] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.143] malloc (_Size=0x64) returned 0x1d04b8 [0176.143] free (_Block=0x1d04b8) [0176.143] malloc (_Size=0x64) returned 0x1d04b8 [0176.143] free (_Block=0x1d04b8) [0176.143] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=832, rop=0xcc0020) returned 1 [0176.174] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.174] malloc (_Size=0x64) returned 0x1d04b8 [0176.174] free (_Block=0x1d04b8) [0176.174] malloc (_Size=0x64) returned 0x1d04b8 [0176.174] free (_Block=0x1d04b8) [0176.174] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=848, rop=0xcc0020) returned 1 [0176.191] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.191] malloc (_Size=0x64) returned 0x1d04b8 [0176.191] free (_Block=0x1d04b8) [0176.191] malloc (_Size=0x64) returned 0x1d04b8 [0176.191] free (_Block=0x1d04b8) [0176.191] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=864, rop=0xcc0020) returned 1 [0176.220] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.220] malloc (_Size=0x64) returned 0x1d04b8 [0176.220] free (_Block=0x1d04b8) [0176.220] malloc (_Size=0x64) returned 0x1d04b8 [0176.220] free (_Block=0x1d04b8) [0176.220] BitBlt (hdc=0x39010783, x=0, y=0, cx=1440, cy=16, hdcSrc=0x60100ce, x1=0, y1=880, rop=0xcc0020) returned 1 [0176.236] GetBitmapBits (in: hbit=0x80507f4, cb=92160, lpvBits=0x31d0048 | out: lpvBits=0x31d0048) returned 92160 [0176.236] malloc (_Size=0x64) returned 0x1d04b8 [0176.236] free (_Block=0x1d04b8) [0176.236] malloc (_Size=0x64) returned 0x1d04b8 [0176.236] free (_Block=0x1d04b8) [0176.236] free (_Block=0x31d0048) [0176.236] SelectObject (hdc=0x39010783, h=0x85000f) returned 0x80507f4 [0176.237] DeleteObject (ho=0x80507f4) returned 1 [0176.237] DeleteDC (hdc=0x39010783) returned 1 [0176.237] DeleteDC (hdc=0x60100ce) returned 1 [0176.293] malloc (_Size=0x60) returned 0x1d04b8 [0176.293] malloc (_Size=0x40) returned 0x1d11d0 [0176.293] malloc (_Size=0xc) returned 0x1d87b0 [0176.293] malloc (_Size=0xc) returned 0x1d8750 [0176.293] malloc (_Size=0xc) returned 0x1d8900 [0176.293] malloc (_Size=0xc) returned 0x1d87c8 [0176.293] malloc (_Size=0xc) returned 0x1d8930 [0176.293] malloc (_Size=0xc) returned 0x1d87e0 [0176.293] malloc (_Size=0xc) returned 0x1d8978 [0176.293] malloc (_Size=0xc) returned 0x1d89a8 [0176.293] malloc (_Size=0xc) returned 0x1d9378 [0176.293] malloc (_Size=0xc) returned 0x1d92e8 [0176.293] malloc (_Size=0xc) returned 0x1d9558 [0176.294] malloc (_Size=0xc) returned 0x1d9570 [0176.294] malloc (_Size=0xc) returned 0x1d9528 [0176.294] malloc (_Size=0xc) returned 0x1d9408 [0176.294] malloc (_Size=0xc) returned 0x1d9588 [0176.294] malloc (_Size=0xc) returned 0x1d9330 [0176.294] malloc (_Size=0xc) returned 0x1d9450 [0176.294] malloc (_Size=0xc) returned 0x1d93c0 [0176.294] malloc (_Size=0xc) returned 0x1d95a0 [0176.294] malloc (_Size=0xc) returned 0x1d93f0 [0176.294] malloc (_Size=0xc) returned 0x1d94e0 [0176.294] malloc (_Size=0xc) returned 0x1d95b8 [0176.294] malloc (_Size=0xc) returned 0x1d94c8 [0176.294] malloc (_Size=0xc) returned 0x1d9420 [0176.294] malloc (_Size=0xc) returned 0x1d9438 [0176.294] malloc (_Size=0xc) returned 0x1d9468 [0176.294] malloc (_Size=0xc) returned 0x1d9540 [0176.294] malloc (_Size=0xc) returned 0x1d94f8 [0176.294] malloc (_Size=0xc) returned 0x1d92d0 [0176.294] malloc (_Size=0xc) returned 0x1d9360 [0176.294] realloc (_Block=0x1d11d0, _Size=0x80) returned 0x1d0520 [0176.294] malloc (_Size=0xc) returned 0x1d9480 [0176.294] malloc (_Size=0xc) returned 0x1d93d8 [0176.294] malloc (_Size=0xc) returned 0x1d9498 [0176.294] malloc (_Size=0xc) returned 0x1d94b0 [0176.294] malloc (_Size=0xc) returned 0x1d9348 [0176.294] malloc (_Size=0xc) returned 0x1d9390 [0176.294] malloc (_Size=0xc) returned 0x1d9300 [0176.294] malloc (_Size=0xc) returned 0x1d9510 [0176.294] malloc (_Size=0xc) returned 0x1d9318 [0176.294] malloc (_Size=0xc) returned 0x1d93a8 [0176.294] malloc (_Size=0xc) returned 0x1d9768 [0176.294] malloc (_Size=0xc) returned 0x1d97e0 [0176.294] malloc (_Size=0xc) returned 0x1d9870 [0176.294] malloc (_Size=0xc) returned 0x1d9618 [0176.295] malloc (_Size=0xc) returned 0x1d98b8 [0176.295] malloc (_Size=0xc) returned 0x1d96a8 [0176.295] malloc (_Size=0xc) returned 0x1d9810 [0176.295] malloc (_Size=0xc) returned 0x1d9660 [0176.295] malloc (_Size=0xc) returned 0x1d97f8 [0176.295] malloc (_Size=0xc) returned 0x1d9840 [0176.295] malloc (_Size=0xc) returned 0x1d95d0 [0176.295] malloc (_Size=0xc) returned 0x1d95e8 [0176.295] malloc (_Size=0xc) returned 0x1d9600 [0176.295] malloc (_Size=0xc) returned 0x1d9738 [0176.295] malloc (_Size=0xc) returned 0x1d9690 [0176.295] malloc (_Size=0xc) returned 0x1d96f0 [0176.295] malloc (_Size=0xc) returned 0x1d9678 [0176.295] malloc (_Size=0xc) returned 0x1d9828 [0176.295] malloc (_Size=0xc) returned 0x1d96c0 [0176.295] malloc (_Size=0xc) returned 0x1d9630 [0176.295] malloc (_Size=0xc) returned 0x1d96d8 [0176.295] malloc (_Size=0xc) returned 0x1d9708 [0176.295] realloc (_Block=0x1d0520, _Size=0x100) returned 0x1d1350 [0176.295] malloc (_Size=0xc) returned 0x1d9720 [0176.295] malloc (_Size=0xc) returned 0x1d9750 [0176.295] malloc (_Size=0xc) returned 0x1d9780 [0176.295] malloc (_Size=0xc) returned 0x1d9858 [0176.295] malloc (_Size=0xc) returned 0x1d9648 [0176.295] malloc (_Size=0xc) returned 0x1d9798 [0176.295] malloc (_Size=0xc) returned 0x1d97b0 [0176.295] malloc (_Size=0xc) returned 0x1d9888 [0176.295] malloc (_Size=0xc) returned 0x1d97c8 [0176.295] malloc (_Size=0xc) returned 0x1d98a0 [0176.295] malloc (_Size=0xc) returned 0x1d98d0 [0176.295] malloc (_Size=0xc) returned 0x1d9900 [0176.295] malloc (_Size=0xc) returned 0x1d9948 [0176.296] strerror (param_1=1) returned="Operation not permitted" [0176.296] strncpy (in: _Dest=0x101175a8, _Source="Operation not permitted", _Count=0x20 | out: _Dest="Operation not permitted") returned="Operation not permitted" [0176.296] strerror (param_1=2) returned="No such file or directory" [0176.296] strncpy (in: _Dest=0x101175c8, _Source="No such file or directory", _Count=0x20 | out: _Dest="No such file or directory") returned="No such file or directory" [0176.296] strerror (param_1=3) returned="No such process" [0176.296] strncpy (in: _Dest=0x101175e8, _Source="No such process", _Count=0x20 | out: _Dest="No such process") returned="No such process" [0176.296] strerror (param_1=4) returned="Interrupted function call" [0176.296] strncpy (in: _Dest=0x10117608, _Source="Interrupted function call", _Count=0x20 | out: _Dest="Interrupted function call") returned="Interrupted function call" [0176.296] strerror (param_1=5) returned="Input/output error" [0176.296] strncpy (in: _Dest=0x10117628, _Source="Input/output error", _Count=0x20 | out: _Dest="Input/output error") returned="Input/output error" [0176.296] strerror (param_1=6) returned="No such device or address" [0176.296] strncpy (in: _Dest=0x10117648, _Source="No such device or address", _Count=0x20 | out: _Dest="No such device or address") returned="No such device or address" [0176.296] strerror (param_1=7) returned="Arg list too long" [0176.296] strncpy (in: _Dest=0x10117668, _Source="Arg list too long", _Count=0x20 | out: _Dest="Arg list too long") returned="Arg list too long" [0176.296] strerror (param_1=8) returned="Exec format error" [0176.296] strncpy (in: _Dest=0x10117688, _Source="Exec format error", _Count=0x20 | out: _Dest="Exec format error") returned="Exec format error" [0176.296] strerror (param_1=9) returned="Bad file descriptor" [0176.296] strncpy (in: _Dest=0x101176a8, _Source="Bad file descriptor", _Count=0x20 | out: _Dest="Bad file descriptor") returned="Bad file descriptor" [0176.296] strerror (param_1=10) returned="No child processes" [0176.296] strncpy (in: _Dest=0x101176c8, _Source="No child processes", _Count=0x20 | out: _Dest="No child processes") returned="No child processes" [0176.296] strerror (param_1=11) returned="Resource temporarily unavailable" [0176.296] strncpy (in: _Dest=0x101176e8, _Source="Resource temporarily unavailable", _Count=0x20 | out: _Dest="Resource temporarily unavailable") returned="Resource temporarily unavailable" [0176.296] strerror (param_1=12) returned="Not enough space" [0176.296] strncpy (in: _Dest=0x10117708, _Source="Not enough space", _Count=0x20 | out: _Dest="Not enough space") returned="Not enough space" [0176.296] strerror (param_1=13) returned="Permission denied" [0176.297] strncpy (in: _Dest=0x10117728, _Source="Permission denied", _Count=0x20 | out: _Dest="Permission denied") returned="Permission denied" [0176.297] strerror (param_1=14) returned="Bad address" [0176.297] strncpy (in: _Dest=0x10117748, _Source="Bad address", _Count=0x20 | out: _Dest="Bad address") returned="Bad address" [0176.297] strerror (param_1=15) returned="Unknown error" [0176.297] strncpy (in: _Dest=0x10117768, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.297] strerror (param_1=16) returned="Resource device" [0176.297] strncpy (in: _Dest=0x10117788, _Source="Resource device", _Count=0x20 | out: _Dest="Resource device") returned="Resource device" [0176.297] strerror (param_1=17) returned="File exists" [0176.297] strncpy (in: _Dest=0x101177a8, _Source="File exists", _Count=0x20 | out: _Dest="File exists") returned="File exists" [0176.297] strerror (param_1=18) returned="Improper link" [0176.297] strncpy (in: _Dest=0x101177c8, _Source="Improper link", _Count=0x20 | out: _Dest="Improper link") returned="Improper link" [0176.297] strerror (param_1=19) returned="No such device" [0176.297] strncpy (in: _Dest=0x101177e8, _Source="No such device", _Count=0x20 | out: _Dest="No such device") returned="No such device" [0176.297] strerror (param_1=20) returned="Not a directory" [0176.297] strncpy (in: _Dest=0x10117808, _Source="Not a directory", _Count=0x20 | out: _Dest="Not a directory") returned="Not a directory" [0176.297] strerror (param_1=21) returned="Is a directory" [0176.297] strncpy (in: _Dest=0x10117828, _Source="Is a directory", _Count=0x20 | out: _Dest="Is a directory") returned="Is a directory" [0176.297] strerror (param_1=22) returned="Invalid argument" [0176.297] strncpy (in: _Dest=0x10117848, _Source="Invalid argument", _Count=0x20 | out: _Dest="Invalid argument") returned="Invalid argument" [0176.297] strerror (param_1=23) returned="Too many open files in system" [0176.297] strncpy (in: _Dest=0x10117868, _Source="Too many open files in system", _Count=0x20 | out: _Dest="Too many open files in system") returned="Too many open files in system" [0176.297] strerror (param_1=24) returned="Too many open files" [0176.297] strncpy (in: _Dest=0x10117888, _Source="Too many open files", _Count=0x20 | out: _Dest="Too many open files") returned="Too many open files" [0176.297] strerror (param_1=25) returned="Inappropriate I/O control operation" [0176.297] strncpy (in: _Dest=0x101178a8, _Source="Inappropriate I/O control operation", _Count=0x20 | out: _Dest="Inappropriate I/O control operat") returned="Inappropriate I/O control operat" [0176.297] strerror (param_1=26) returned="Unknown error" [0176.297] strncpy (in: _Dest=0x101178c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.297] strerror (param_1=27) returned="File too large" [0176.297] strncpy (in: _Dest=0x101178e8, _Source="File too large", _Count=0x20 | out: _Dest="File too large") returned="File too large" [0176.297] strerror (param_1=28) returned="No space left on device" [0176.297] strncpy (in: _Dest=0x10117908, _Source="No space left on device", _Count=0x20 | out: _Dest="No space left on device") returned="No space left on device" [0176.297] strerror (param_1=29) returned="Invalid seek" [0176.297] strncpy (in: _Dest=0x10117928, _Source="Invalid seek", _Count=0x20 | out: _Dest="Invalid seek") returned="Invalid seek" [0176.297] strerror (param_1=30) returned="Read-only file system" [0176.297] strncpy (in: _Dest=0x10117948, _Source="Read-only file system", _Count=0x20 | out: _Dest="Read-only file system") returned="Read-only file system" [0176.298] strerror (param_1=31) returned="Too many links" [0176.298] strncpy (in: _Dest=0x10117968, _Source="Too many links", _Count=0x20 | out: _Dest="Too many links") returned="Too many links" [0176.298] strerror (param_1=32) returned="Broken pipe" [0176.298] strncpy (in: _Dest=0x10117988, _Source="Broken pipe", _Count=0x20 | out: _Dest="Broken pipe") returned="Broken pipe" [0176.298] strerror (param_1=33) returned="Domain error" [0176.298] strncpy (in: _Dest=0x101179a8, _Source="Domain error", _Count=0x20 | out: _Dest="Domain error") returned="Domain error" [0176.298] strerror (param_1=34) returned="Result too large" [0176.298] strncpy (in: _Dest=0x101179c8, _Source="Result too large", _Count=0x20 | out: _Dest="Result too large") returned="Result too large" [0176.298] strerror (param_1=35) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x101179e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.298] strerror (param_1=36) returned="Resource deadlock avoided" [0176.298] strncpy (in: _Dest=0x10117a08, _Source="Resource deadlock avoided", _Count=0x20 | out: _Dest="Resource deadlock avoided") returned="Resource deadlock avoided" [0176.298] strerror (param_1=37) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x10117a28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.298] strerror (param_1=38) returned="Filename too long" [0176.298] strncpy (in: _Dest=0x10117a48, _Source="Filename too long", _Count=0x20 | out: _Dest="Filename too long") returned="Filename too long" [0176.298] strerror (param_1=39) returned="No locks available" [0176.298] strncpy (in: _Dest=0x10117a68, _Source="No locks available", _Count=0x20 | out: _Dest="No locks available") returned="No locks available" [0176.298] strerror (param_1=40) returned="Function not implemented" [0176.298] strncpy (in: _Dest=0x10117a88, _Source="Function not implemented", _Count=0x20 | out: _Dest="Function not implemented") returned="Function not implemented" [0176.298] strerror (param_1=41) returned="Directory not empty" [0176.298] strncpy (in: _Dest=0x10117aa8, _Source="Directory not empty", _Count=0x20 | out: _Dest="Directory not empty") returned="Directory not empty" [0176.298] strerror (param_1=42) returned="Illegal byte sequence" [0176.298] strncpy (in: _Dest=0x10117ac8, _Source="Illegal byte sequence", _Count=0x20 | out: _Dest="Illegal byte sequence") returned="Illegal byte sequence" [0176.298] strerror (param_1=43) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x10117ae8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.298] strerror (param_1=44) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x10117b08, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.298] strerror (param_1=45) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x10117b28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.298] strerror (param_1=46) returned="Unknown error" [0176.298] strncpy (in: _Dest=0x10117b48, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=47) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117b68, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=48) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117b88, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=49) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117ba8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=50) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117bc8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=51) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117be8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=52) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117c08, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=53) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117c28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=54) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117c48, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=55) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117c68, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=56) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117c88, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=57) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117ca8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=58) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117cc8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=59) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117ce8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=60) returned="Unknown error" [0176.299] strncpy (in: _Dest=0x10117d08, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.299] strerror (param_1=61) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117d28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=62) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117d48, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=63) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117d68, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=64) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117d88, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=65) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117da8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=66) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117dc8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=67) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117de8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=68) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117e08, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=69) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117e28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=70) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117e48, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=71) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117e68, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=72) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117e88, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=73) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117ea8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=74) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117ec8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=75) returned="Unknown error" [0176.300] strncpy (in: _Dest=0x10117ee8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.300] strerror (param_1=76) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117f08, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=77) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117f28, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=78) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117f48, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=79) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117f68, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=80) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117f88, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=81) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117fa8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=82) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117fc8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=83) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10117fe8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=84) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10118008, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=85) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10118028, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=86) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10118048, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=87) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10118068, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=88) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x10118088, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=89) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x101180a8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=90) returned="Unknown error" [0176.301] strncpy (in: _Dest=0x101180c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.301] strerror (param_1=91) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x101180e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=92) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118108, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=93) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118128, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=94) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118148, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=95) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118168, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=96) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118188, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=97) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x101181a8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=98) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x101181c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=99) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x101181e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=100) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118208, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=101) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118228, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=102) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118248, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=103) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118268, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=104) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x10118288, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=105) returned="Unknown error" [0176.302] strncpy (in: _Dest=0x101182a8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.302] strerror (param_1=106) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101182c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=107) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101182e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=108) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118308, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=109) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118328, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=110) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118348, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=111) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118368, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=112) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118388, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=113) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101183a8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=114) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101183c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=115) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101183e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=116) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118408, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=117) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118428, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=118) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118448, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=119) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118468, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=120) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x10118488, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.303] strerror (param_1=121) returned="Unknown error" [0176.303] strncpy (in: _Dest=0x101184a8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=122) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x101184c8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=123) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x101184e8, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=124) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x10118508, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=125) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x10118528, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=126) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x10118548, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] strerror (param_1=127) returned="Unknown error" [0176.304] strncpy (in: _Dest=0x10118568, _Source="Unknown error", _Count=0x20 | out: _Dest="Unknown error") returned="Unknown error" [0176.304] malloc (_Size=0xc) returned 0x1d9990 [0176.304] malloc (_Size=0xc) returned 0x1d99d8 [0176.304] malloc (_Size=0xc) returned 0x1d99f0 [0176.304] malloc (_Size=0xc) returned 0x1d9a08 [0176.304] malloc (_Size=0xc) returned 0x1d9960 [0176.304] malloc (_Size=0xc) returned 0x1d9918 [0176.304] malloc (_Size=0xc) returned 0x1d99a8 [0176.304] malloc (_Size=0xc) returned 0x1d99c0 [0176.304] malloc (_Size=0xc) returned 0x1d9a80 [0176.304] malloc (_Size=0xc) returned 0x1d98e8 [0176.304] malloc (_Size=0xc) returned 0x1d9a20 [0176.304] malloc (_Size=0xc) returned 0x1d9a38 [0176.304] malloc (_Size=0xc) returned 0x1d9978 [0176.304] malloc (_Size=0xc) returned 0x1d9a50 [0176.304] malloc (_Size=0xc) returned 0x1d9a68 [0176.304] malloc (_Size=0xc) returned 0x1d9930 [0176.304] malloc (_Size=0xc) returned 0x31d0540 [0176.304] malloc (_Size=0xc) returned 0x31d0600 [0176.304] malloc (_Size=0xc) returned 0x31d0438 [0176.304] malloc (_Size=0xc) returned 0x31d04e0 [0176.304] malloc (_Size=0xc) returned 0x31d04f8 [0176.304] malloc (_Size=0xc) returned 0x31d0510 [0176.305] malloc (_Size=0xc) returned 0x31d0528 [0176.305] malloc (_Size=0xc) returned 0x31d0618 [0176.305] malloc (_Size=0xc) returned 0x31d0588 [0176.305] malloc (_Size=0xc) returned 0x31d0570 [0176.305] malloc (_Size=0xc) returned 0x31d0390 [0176.305] malloc (_Size=0xc) returned 0x31d03d8 [0176.305] malloc (_Size=0xc) returned 0x31d0498 [0176.305] malloc (_Size=0xc) returned 0x31d0660 [0176.305] malloc (_Size=0xc) returned 0x31d03a8 [0176.305] malloc (_Size=0xc) returned 0x31d05a0 [0176.305] malloc (_Size=0xc) returned 0x31d05e8 [0176.305] malloc (_Size=0xc) returned 0x31d04b0 [0176.305] malloc (_Size=0xc) returned 0x31d0630 [0176.305] malloc (_Size=0xc) returned 0x31d0558 [0176.305] malloc (_Size=0xc) returned 0x31d0408 [0176.305] malloc (_Size=0xc) returned 0x31d0648 [0176.305] malloc (_Size=0xc) returned 0x31d05b8 [0176.305] malloc (_Size=0xc) returned 0x31d04c8 [0176.305] malloc (_Size=0xc) returned 0x31d03f0 [0176.305] malloc (_Size=0xc) returned 0x31d0378 [0176.305] malloc (_Size=0xc) returned 0x31d03c0 [0176.305] malloc (_Size=0xc) returned 0x31d0420 [0176.305] malloc (_Size=0xc) returned 0x31d0450 [0176.305] malloc (_Size=0xc) returned 0x31d0468 [0176.305] malloc (_Size=0xc) returned 0x31d0480 [0176.305] malloc (_Size=0xc) returned 0x31d05d0 [0176.305] malloc (_Size=0xc) returned 0x31d0690 [0176.305] malloc (_Size=0xc) returned 0x31d06a8 [0176.305] malloc (_Size=0xc) returned 0x31d0750 [0176.305] realloc (_Block=0x1d1350, _Size=0x200) returned 0x1d7470 [0176.305] malloc (_Size=0xc) returned 0x31d07c8 [0176.306] malloc (_Size=0xc) returned 0x31d07f8 [0176.306] malloc (_Size=0xc) returned 0x31d06c0 [0176.306] malloc (_Size=0xc) returned 0x31d06d8 [0176.306] malloc (_Size=0xc) returned 0x31d06f0 [0176.306] malloc (_Size=0xc) returned 0x31d0708 [0176.306] malloc (_Size=0xc) returned 0x31d0780 [0176.306] malloc (_Size=0xc) returned 0x31d0798 [0176.306] malloc (_Size=0xc) returned 0x31d07e0 [0176.306] malloc (_Size=0xc) returned 0x31d0810 [0176.306] malloc (_Size=0xc) returned 0x31d0720 [0176.306] malloc (_Size=0xc) returned 0x31d0828 [0176.306] malloc (_Size=0xc) returned 0x31d0768 [0176.306] malloc (_Size=0xc) returned 0x31d0678 [0176.306] malloc (_Size=0xc) returned 0x31d0738 [0176.306] malloc (_Size=0xc) returned 0x31d07b0 [0176.306] malloc (_Size=0xc) returned 0x31d0168 [0176.306] malloc (_Size=0xc) returned 0x31d0180 [0176.306] malloc (_Size=0xc) returned 0x31d0270 [0176.306] malloc (_Size=0xc) returned 0x31d01f8 [0176.306] malloc (_Size=0xc) returned 0x31d00c0 [0176.306] malloc (_Size=0xc) returned 0x31d0318 [0176.306] malloc (_Size=0xc) returned 0x31d00f0 [0176.306] malloc (_Size=0xc) returned 0x31d02b8 [0176.306] malloc (_Size=0xc) returned 0x31d0108 [0176.306] malloc (_Size=0xc) returned 0x31d0078 [0176.306] malloc (_Size=0xc) returned 0x31d02d0 [0176.306] malloc (_Size=0xc) returned 0x31d0120 [0176.306] malloc (_Size=0xc) returned 0x31d02e8 [0176.306] malloc (_Size=0xc) returned 0x31d0198 [0176.306] malloc (_Size=0xc) returned 0x31d0330 [0176.306] malloc (_Size=0xc) returned 0x31d0138 [0176.306] malloc (_Size=0xc) returned 0x31d0150 [0176.307] malloc (_Size=0xc) returned 0x31d0258 [0176.307] malloc (_Size=0xc) returned 0x31d0348 [0176.307] malloc (_Size=0xc) returned 0x31d0300 [0176.307] malloc (_Size=0xc) returned 0x31d0228 [0176.307] malloc (_Size=0xc) returned 0x31d0360 [0176.307] malloc (_Size=0xc) returned 0x31d0090 [0176.307] malloc (_Size=0xc) returned 0x31d00a8 [0176.307] malloc (_Size=0xc) returned 0x31d01e0 [0176.307] malloc (_Size=0xc) returned 0x31d00d8 [0176.307] malloc (_Size=0xc) returned 0x31d01b0 [0176.307] malloc (_Size=0xc) returned 0x31d0210 [0176.307] malloc (_Size=0xc) returned 0x31d01c8 [0176.307] malloc (_Size=0xc) returned 0x31d0240 [0176.307] malloc (_Size=0xc) returned 0x31d0288 [0176.307] malloc (_Size=0xc) returned 0x31d02a0 [0176.307] malloc (_Size=0xc) returned 0x31d0e18 [0176.307] malloc (_Size=0xc) returned 0x31d0c08 [0176.307] malloc (_Size=0xc) returned 0x31d0d40 [0176.307] malloc (_Size=0xc) returned 0x31d0d88 [0176.307] malloc (_Size=0xc) returned 0x31d0bc0 [0176.307] malloc (_Size=0xc) returned 0x31d0d58 [0176.307] malloc (_Size=0xc) returned 0x31d0e78 [0176.307] malloc (_Size=0xc) returned 0x31d0b90 [0176.307] malloc (_Size=0xc) returned 0x31d0c20 [0176.307] malloc (_Size=0xc) returned 0x31d0ce0 [0176.307] malloc (_Size=0xc) returned 0x31d0e30 [0176.307] malloc (_Size=0xc) returned 0x31d0bd8 [0176.307] malloc (_Size=0xc) returned 0x31d0d10 [0176.307] malloc (_Size=0xc) returned 0x31d0ba8 [0176.307] malloc (_Size=0xc) returned 0x31d0e48 [0176.307] malloc (_Size=0xc) returned 0x31d0cf8 [0176.308] malloc (_Size=0xc) returned 0x31d0bf0 [0176.308] malloc (_Size=0xc) returned 0x31d0c98 [0176.308] malloc (_Size=0xc) returned 0x31d0c38 [0176.308] malloc (_Size=0xc) returned 0x31d0d28 [0176.308] malloc (_Size=0xc) returned 0x31d0c50 [0176.308] malloc (_Size=0xc) returned 0x31d0d70 [0176.308] malloc (_Size=0xc) returned 0x31d0c68 [0176.308] malloc (_Size=0xc) returned 0x31d0c80 [0176.308] malloc (_Size=0xc) returned 0x31d0cb0 [0176.308] malloc (_Size=0xc) returned 0x31d0cc8 [0176.308] malloc (_Size=0xc) returned 0x31d0e60 [0176.309] malloc (_Size=0xc) returned 0x31d0da0 [0176.309] malloc (_Size=0xc) returned 0x31d0db8 [0176.309] malloc (_Size=0xc) returned 0x31d0dd0 [0176.309] malloc (_Size=0xc) returned 0x31d0de8 [0176.309] malloc (_Size=0xc) returned 0x31d0e00 [0176.309] malloc (_Size=0xc) returned 0x31d10a0 [0176.309] malloc (_Size=0xc) returned 0x31d1160 [0176.309] malloc (_Size=0xc) returned 0x31d1040 [0176.309] malloc (_Size=0xc) returned 0x31d1010 [0176.309] malloc (_Size=0xc) returned 0x31d1100 [0176.309] malloc (_Size=0xc) returned 0x31d0ef0 [0176.309] malloc (_Size=0xc) returned 0x31d0f98 [0176.309] malloc (_Size=0xc) returned 0x31d1058 [0176.309] malloc (_Size=0xc) returned 0x31d10b8 [0176.309] malloc (_Size=0xc) returned 0x31d1178 [0176.309] malloc (_Size=0xc) returned 0x31d10d0 [0176.309] malloc (_Size=0xc) returned 0x31d0fc8 [0176.309] malloc (_Size=0xc) returned 0x31d0f08 [0176.309] malloc (_Size=0xc) returned 0x31d0ff8 [0176.309] malloc (_Size=0xc) returned 0x31d0fe0 [0176.309] malloc (_Size=0xc) returned 0x31d1070 [0176.309] malloc (_Size=0xc) returned 0x31d10e8 [0176.309] malloc (_Size=0xc) returned 0x31d0f20 [0176.310] malloc (_Size=0xc) returned 0x31d1028 [0176.310] malloc (_Size=0xc) returned 0x31d1088 [0176.310] malloc (_Size=0xc) returned 0x31d0fb0 [0176.310] malloc (_Size=0xc) returned 0x31d1118 [0176.310] malloc (_Size=0xc) returned 0x31d0e90 [0176.310] malloc (_Size=0xc) returned 0x31d1130 [0176.310] malloc (_Size=0xc) returned 0x31d1148 [0176.310] malloc (_Size=0xc) returned 0x31d0ed8 [0176.310] malloc (_Size=0xc) returned 0x31d0ea8 [0176.310] malloc (_Size=0xc) returned 0x31d0ec0 [0176.310] malloc (_Size=0xc) returned 0x31d0f38 [0176.310] malloc (_Size=0xc) returned 0x31d0f50 [0176.310] malloc (_Size=0xc) returned 0x31d0f68 [0176.310] malloc (_Size=0xc) returned 0x31d0f80 [0176.310] malloc (_Size=0xc) returned 0x31d12f8 [0176.310] malloc (_Size=0xc) returned 0x31d1220 [0176.310] malloc (_Size=0xc) returned 0x31d11c0 [0176.310] malloc (_Size=0xc) returned 0x31d1400 [0176.310] malloc (_Size=0xc) returned 0x31d1310 [0176.310] malloc (_Size=0xc) returned 0x31d1478 [0176.310] malloc (_Size=0xc) returned 0x31d1328 [0176.310] malloc (_Size=0xc) returned 0x31d1340 [0176.310] malloc (_Size=0xc) returned 0x31d1190 [0176.310] realloc (_Block=0x1d7470, _Size=0x400) returned 0x1d9aa8 [0176.311] realloc (_Block=0x1d9aa8, _Size=0x800) returned 0x31d2860 [0176.312] malloc (_Size=0xc) returned 0x31d3b88 [0176.312] malloc (_Size=0xc) returned 0x31d3bb8 [0176.312] malloc (_Size=0xc) returned 0x31d3c00 [0176.312] malloc (_Size=0xc) returned 0x31d3e70 [0176.312] malloc (_Size=0xc) returned 0x31d3e88 [0176.312] malloc (_Size=0xc) returned 0x31d3f00 [0176.312] malloc (_Size=0xc) returned 0x31d3f18 [0176.312] malloc (_Size=0xc) returned 0x31d3d50 [0176.312] malloc (_Size=0xc) returned 0x31d3f30 [0176.312] malloc (_Size=0xc) returned 0x31d3e10 [0176.312] malloc (_Size=0xc) returned 0x31d3f48 [0176.312] malloc (_Size=0xc) returned 0x31d3f60 [0176.312] malloc (_Size=0xc) returned 0x31d3ea0 [0176.312] malloc (_Size=0xc) returned 0x31d3d98 [0176.312] malloc (_Size=0xc) returned 0x31d3db0 [0176.312] malloc (_Size=0xc) returned 0x31d3eb8 [0176.312] malloc (_Size=0xc) returned 0x31d3e28 [0176.313] malloc (_Size=0xc) returned 0x31d3cf0 [0176.313] malloc (_Size=0xc) returned 0x31d3f78 [0176.313] malloc (_Size=0xc) returned 0x31d3d20 [0176.313] malloc (_Size=0xc) returned 0x31d3ee8 [0176.313] malloc (_Size=0xc) returned 0x31d3d38 [0176.313] malloc (_Size=0xc) returned 0x31d3ca8 [0176.313] malloc (_Size=0xc) returned 0x31d3f90 [0176.313] malloc (_Size=0xc) returned 0x31d3d68 [0176.313] malloc (_Size=0xc) returned 0x31d3cc0 [0176.313] malloc (_Size=0xc) returned 0x31d3dc8 [0176.313] malloc (_Size=0xc) returned 0x31d3cd8 [0176.313] malloc (_Size=0xc) returned 0x31d3d80 [0176.313] malloc (_Size=0xc) returned 0x31d3de0 [0176.313] malloc (_Size=0xc) returned 0x31d3ed0 [0176.313] malloc (_Size=0xc) returned 0x31d3d08 [0176.313] malloc (_Size=0xc) returned 0x31d3df8 [0176.313] malloc (_Size=0xc) returned 0x31d3e58 [0176.313] malloc (_Size=0xc) returned 0x31d3e40 [0176.313] malloc (_Size=0xc) returned 0x31d3fa8 [0176.313] malloc (_Size=0xc) returned 0x31d3fc0 [0176.313] malloc (_Size=0xc) returned 0x31d4020 [0176.313] malloc (_Size=0xc) returned 0x31d3fd8 [0176.313] malloc (_Size=0xc) returned 0x31d3ff0 [0176.313] malloc (_Size=0xc) returned 0x31d4008 [0176.313] malloc (_Size=0xc) returned 0x31d4050 [0176.313] malloc (_Size=0xc) returned 0x31d4038 [0176.314] malloc (_Size=0xc) returned 0x31d4bc0 [0176.314] malloc (_Size=0xc) returned 0x31d49e0 [0176.314] malloc (_Size=0xc) returned 0x31d4c38 [0176.314] malloc (_Size=0xc) returned 0x31d4a28 [0176.314] malloc (_Size=0xc) returned 0x31d4b60 [0176.314] malloc (_Size=0xc) returned 0x31d4ba8 [0176.314] malloc (_Size=0xc) returned 0x31d49f8 [0176.314] malloc (_Size=0xc) returned 0x31d4b78 [0176.314] malloc (_Size=0xc) returned 0x31d4c98 [0176.314] malloc (_Size=0xc) returned 0x31d49b0 [0176.314] malloc (_Size=0xc) returned 0x31d4a40 [0176.314] malloc (_Size=0xc) returned 0x31d4b00 [0176.314] malloc (_Size=0xc) returned 0x31d4c50 [0176.314] malloc (_Size=0xc) returned 0x31d4a10 [0176.314] malloc (_Size=0xc) returned 0x31d4b30 [0176.314] malloc (_Size=0xc) returned 0x31d49c8 [0176.314] malloc (_Size=0xc) returned 0x31d4c68 [0176.314] malloc (_Size=0xc) returned 0x31d4b18 [0176.314] malloc (_Size=0xc) returned 0x31d4a58 [0176.314] malloc (_Size=0xc) returned 0x31d4ab8 [0176.314] malloc (_Size=0xc) returned 0x31d4a70 [0176.314] malloc (_Size=0xc) returned 0x31d4b48 [0176.314] malloc (_Size=0xc) returned 0x31d4a88 [0176.314] malloc (_Size=0xc) returned 0x31d4b90 [0176.314] malloc (_Size=0xc) returned 0x31d4aa0 [0176.314] malloc (_Size=0xc) returned 0x31d4ad0 [0176.314] malloc (_Size=0xc) returned 0x31d4ae8 [0176.314] malloc (_Size=0xc) returned 0x31d4bd8 [0176.314] malloc (_Size=0xc) returned 0x31d4c80 [0176.314] malloc (_Size=0xc) returned 0x31d4bf0 [0176.315] malloc (_Size=0xc) returned 0x31d4c08 [0176.315] malloc (_Size=0xc) returned 0x31d4c20 [0176.315] malloc (_Size=0xc) returned 0x31d4de8 [0176.315] malloc (_Size=0xc) returned 0x31d4d70 [0176.315] malloc (_Size=0xc) returned 0x31d4ec0 [0176.315] malloc (_Size=0xc) returned 0x31d4f80 [0176.315] malloc (_Size=0xc) returned 0x31d4e60 [0176.315] malloc (_Size=0xc) returned 0x31d4e30 [0176.315] malloc (_Size=0xc) returned 0x31d4f20 [0176.315] malloc (_Size=0xc) returned 0x31d4d10 [0176.315] malloc (_Size=0xc) returned 0x31d4db8 [0176.315] malloc (_Size=0xc) returned 0x31d4e78 [0176.315] malloc (_Size=0xc) returned 0x31d4ed8 [0176.315] malloc (_Size=0xc) returned 0x31d4f98 [0176.315] malloc (_Size=0xc) returned 0x31d4ef0 [0176.315] malloc (_Size=0xc) returned 0x31d4e00 [0176.315] malloc (_Size=0xc) returned 0x31d4d28 [0176.315] malloc (_Size=0xc) returned 0x31d4e18 [0176.315] malloc (_Size=0xc) returned 0x31d4e48 [0176.315] malloc (_Size=0xc) returned 0x31d4e90 [0176.315] malloc (_Size=0xc) returned 0x31d4f08 [0176.315] malloc (_Size=0xc) returned 0x31d4d40 [0176.315] malloc (_Size=0xc) returned 0x31d4ea8 [0176.315] malloc (_Size=0xc) returned 0x31d4f38 [0176.315] malloc (_Size=0xc) returned 0x31d4dd0 [0176.315] malloc (_Size=0xc) returned 0x31d4f50 [0176.315] malloc (_Size=0xc) returned 0x31d4cb0 [0176.315] malloc (_Size=0xc) returned 0x31d4f68 [0176.315] malloc (_Size=0xc) returned 0x31d4cc8 [0176.315] malloc (_Size=0xc) returned 0x31d4cf8 [0176.315] malloc (_Size=0xc) returned 0x31d4ce0 [0176.316] malloc (_Size=0xc) returned 0x31d4d58 [0176.316] malloc (_Size=0xc) returned 0x31d4d88 [0176.316] malloc (_Size=0xc) returned 0x31d4da0 [0176.316] malloc (_Size=0xc) returned 0x31d4ff8 [0176.316] malloc (_Size=0xc) returned 0x31d5010 [0176.316] malloc (_Size=0xc) returned 0x31d5028 [0176.316] malloc (_Size=0xc) returned 0x31d4fc8 [0176.316] malloc (_Size=0xc) returned 0x31d4fb0 [0176.316] malloc (_Size=0xc) returned 0x31d4fe0 [0176.316] malloc (_Size=0xc) returned 0x31d5040 [0176.316] malloc (_Size=0xc) returned 0x31d5058 [0176.316] malloc (_Size=0xc) returned 0x31d4248 [0176.316] malloc (_Size=0xc) returned 0x31d4230 [0176.316] malloc (_Size=0xc) returned 0x31d4398 [0176.316] malloc (_Size=0xc) returned 0x31d40b0 [0176.316] malloc (_Size=0xc) returned 0x31d4128 [0176.316] malloc (_Size=0xc) returned 0x31d40c8 [0176.316] malloc (_Size=0xc) returned 0x31d4158 [0176.316] malloc (_Size=0xc) returned 0x31d40e0 [0176.316] malloc (_Size=0xc) returned 0x31d4290 [0176.316] malloc (_Size=0xc) returned 0x31d4140 [0176.316] malloc (_Size=0xc) returned 0x31d4320 [0176.316] malloc (_Size=0xc) returned 0x31d4380 [0176.316] malloc (_Size=0xc) returned 0x31d40f8 [0176.316] malloc (_Size=0xc) returned 0x31d42c0 [0176.317] malloc (_Size=0xc) returned 0x31d4170 [0176.317] malloc (_Size=0xc) returned 0x31d4110 [0176.317] malloc (_Size=0xc) returned 0x31d4260 [0176.317] malloc (_Size=0xc) returned 0x31d4278 [0176.317] malloc (_Size=0xc) returned 0x31d4338 [0176.317] malloc (_Size=0xc) returned 0x31d4350 [0176.317] malloc (_Size=0xc) returned 0x31d4308 [0176.317] malloc (_Size=0xc) returned 0x31d41e8 [0176.317] malloc (_Size=0xc) returned 0x31d4368 [0176.317] malloc (_Size=0xc) returned 0x31d4188 [0176.317] malloc (_Size=0xc) returned 0x31d42a8 [0176.317] malloc (_Size=0xc) returned 0x31d41a0 [0176.317] malloc (_Size=0xc) returned 0x31d41b8 [0176.317] malloc (_Size=0xc) returned 0x31d41d0 [0176.317] malloc (_Size=0xc) returned 0x31d42d8 [0176.317] malloc (_Size=0xc) returned 0x31d4200 [0176.317] malloc (_Size=0xc) returned 0x31d42f0 [0176.317] malloc (_Size=0xc) returned 0x31d4218 [0176.317] malloc (_Size=0xc) returned 0x31d4518 [0176.317] malloc (_Size=0xc) returned 0x31d4548 [0176.317] malloc (_Size=0xc) returned 0x31d4608 [0176.317] malloc (_Size=0xc) returned 0x31d45d8 [0176.317] malloc (_Size=0xc) returned 0x31d4698 [0176.317] malloc (_Size=0xc) returned 0x31d4440 [0176.317] malloc (_Size=0xc) returned 0x31d4530 [0176.317] malloc (_Size=0xc) returned 0x31d44a0 [0176.317] malloc (_Size=0xc) returned 0x31d44d0 [0176.317] malloc (_Size=0xc) returned 0x31d44e8 [0176.318] malloc (_Size=0xc) returned 0x31d4428 [0176.318] malloc (_Size=0xc) returned 0x31d4410 [0176.318] malloc (_Size=0xc) returned 0x31d4668 [0176.318] malloc (_Size=0xc) returned 0x31d4578 [0176.318] malloc (_Size=0xc) returned 0x31d4500 [0176.318] malloc (_Size=0xc) returned 0x31d4560 [0176.318] malloc (_Size=0xc) returned 0x31d4590 [0176.318] malloc (_Size=0xc) returned 0x31d45c0 [0176.318] malloc (_Size=0xc) returned 0x31d4650 [0176.318] malloc (_Size=0xc) returned 0x31d43f8 [0176.318] malloc (_Size=0xc) returned 0x31d43b0 [0176.318] malloc (_Size=0xc) returned 0x31d4488 [0176.318] malloc (_Size=0xc) returned 0x31d45f0 [0176.318] malloc (_Size=0xc) returned 0x31d4458 [0176.318] malloc (_Size=0xc) returned 0x31d4620 [0176.318] malloc (_Size=0xc) returned 0x31d4638 [0176.318] malloc (_Size=0xc) returned 0x31d43c8 [0176.318] malloc (_Size=0xc) returned 0x31d43e0 [0176.318] malloc (_Size=0xc) returned 0x31d4470 [0176.318] malloc (_Size=0xc) returned 0x31d45a8 [0176.318] malloc (_Size=0xc) returned 0x31d44b8 [0176.318] malloc (_Size=0xc) returned 0x31d4680 [0176.318] malloc (_Size=0xc) returned 0x31d4740 [0176.318] malloc (_Size=0xc) returned 0x31d48d8 [0176.318] malloc (_Size=0xc) returned 0x31d4770 [0176.318] malloc (_Size=0xc) returned 0x31d4998 [0176.318] malloc (_Size=0xc) returned 0x31d4758 [0176.318] malloc (_Size=0xc) returned 0x31d4788 [0176.319] malloc (_Size=0xc) returned 0x31d47a0 [0176.319] malloc (_Size=0xc) returned 0x31d47b8 [0176.319] malloc (_Size=0xc) returned 0x31d47d0 [0176.319] malloc (_Size=0xc) returned 0x31d4938 [0176.319] malloc (_Size=0xc) returned 0x31d46b0 [0176.319] malloc (_Size=0xc) returned 0x31d4878 [0176.319] malloc (_Size=0xc) returned 0x31d47e8 [0176.319] malloc (_Size=0xc) returned 0x31d4950 [0176.319] malloc (_Size=0xc) returned 0x31d4848 [0176.319] malloc (_Size=0xc) returned 0x31d4968 [0176.319] malloc (_Size=0xc) returned 0x31d46c8 [0176.319] malloc (_Size=0xc) returned 0x31d46e0 [0176.319] malloc (_Size=0xc) returned 0x31d4800 [0176.319] malloc (_Size=0xc) returned 0x31d4818 [0176.319] malloc (_Size=0xc) returned 0x31d4860 [0176.319] malloc (_Size=0xc) returned 0x31d4890 [0176.319] malloc (_Size=0xc) returned 0x31d48a8 [0176.319] malloc (_Size=0xc) returned 0x31d4830 [0176.319] malloc (_Size=0xc) returned 0x31d46f8 [0176.319] malloc (_Size=0xc) returned 0x31d48c0 [0176.319] malloc (_Size=0xc) returned 0x31d48f0 [0176.319] malloc (_Size=0xc) returned 0x31d4980 [0176.319] malloc (_Size=0xc) returned 0x31d4710 [0176.319] malloc (_Size=0xc) returned 0x31d4908 [0176.319] malloc (_Size=0xc) returned 0x31d4920 [0176.319] malloc (_Size=0xc) returned 0x31d4728 [0176.319] malloc (_Size=0xc) returned 0x31d6ef8 [0176.319] malloc (_Size=0xc) returned 0x31d6f88 [0176.319] malloc (_Size=0xc) returned 0x31d6fa0 [0176.319] malloc (_Size=0xc) returned 0x31d6ee0 [0176.320] malloc (_Size=0xc) returned 0x31d6fb8 [0176.320] malloc (_Size=0xc) returned 0x31d6f10 [0176.320] malloc (_Size=0xc) returned 0x31d6fe8 [0176.320] malloc (_Size=0xc) returned 0x31d6f40 [0176.320] malloc (_Size=0xc) returned 0x31d6fd0 [0176.320] malloc (_Size=0xc) returned 0x31d7000 [0176.320] malloc (_Size=0xc) returned 0x31d7048 [0176.320] malloc (_Size=0xc) returned 0x31d7018 [0176.320] malloc (_Size=0xc) returned 0x31d7030 [0176.320] malloc (_Size=0xc) returned 0x31d6ec8 [0176.320] malloc (_Size=0xc) returned 0x31d6f58 [0176.320] malloc (_Size=0xc) returned 0x31d7060 [0176.320] malloc (_Size=0xc) returned 0x31d6f28 [0176.320] malloc (_Size=0xc) returned 0x31d6f70 [0176.320] malloc (_Size=0xc) returned 0x31d52f0 [0176.320] malloc (_Size=0xc) returned 0x31d5338 [0176.320] malloc (_Size=0xc) returned 0x31d51e8 [0176.320] malloc (_Size=0xc) returned 0x31d5350 [0176.320] malloc (_Size=0xc) returned 0x31d5230 [0176.320] malloc (_Size=0xc) returned 0x31d5158 [0176.320] malloc (_Size=0xc) returned 0x31d5398 [0176.320] malloc (_Size=0xc) returned 0x31d5278 [0176.320] malloc (_Size=0xc) returned 0x31d5200 [0176.320] malloc (_Size=0xc) returned 0x31d5128 [0176.320] malloc (_Size=0xc) returned 0x31d50c8 [0176.320] malloc (_Size=0xc) returned 0x31d5368 [0176.320] malloc (_Size=0xc) returned 0x31d50e0 [0176.320] malloc (_Size=0xc) returned 0x31d5170 [0176.321] malloc (_Size=0xc) returned 0x31d5140 [0176.321] malloc (_Size=0xc) returned 0x31d50f8 [0176.321] malloc (_Size=0xc) returned 0x31d5290 [0176.321] malloc (_Size=0xc) returned 0x31d5110 [0176.321] malloc (_Size=0xc) returned 0x31d5188 [0176.321] malloc (_Size=0xc) returned 0x31d5248 [0176.321] realloc (_Block=0x31d2860, _Size=0x1000) returned 0x31d7080 [0176.323] malloc (_Size=0xc) returned 0x31d97d0 [0176.323] malloc (_Size=0xc) returned 0x31d9830 [0176.323] malloc (_Size=0xc) returned 0x31d9848 [0176.323] malloc (_Size=0xc) returned 0x31d9770 [0176.323] malloc (_Size=0xc) returned 0x31d98c0 [0176.323] malloc (_Size=0xc) returned 0x31d97e8 [0176.323] malloc (_Size=0xc) returned 0x31d9818 [0176.323] malloc (_Size=0xc) returned 0x31d9b78 [0176.323] malloc (_Size=0xc) returned 0x31d9aa0 [0176.323] malloc (_Size=0xc) returned 0x31d99c8 [0176.324] malloc (_Size=0xc) returned 0x31d99e0 [0176.324] malloc (_Size=0xc) returned 0x31d9ad0 [0176.324] malloc (_Size=0xc) returned 0x31d9a58 [0176.324] malloc (_Size=0xc) returned 0x31d9920 [0176.324] malloc (_Size=0xc) returned 0x31d9b90 [0176.324] malloc (_Size=0xc) returned 0x31d9950 [0176.324] malloc (_Size=0xc) returned 0x31d9b18 [0176.324] malloc (_Size=0xc) returned 0x31d9968 [0176.324] malloc (_Size=0xc) returned 0x31d98d8 [0176.324] malloc (_Size=0xc) returned 0x31d9b30 [0176.324] malloc (_Size=0xc) returned 0x31d9980 [0176.324] malloc (_Size=0xc) returned 0x31d9b48 [0176.324] malloc (_Size=0xc) returned 0x31d99f8 [0176.324] malloc (_Size=0xc) returned 0x31d9ba8 [0176.324] malloc (_Size=0xc) returned 0x31d9998 [0176.324] malloc (_Size=0xc) returned 0x31d99b0 [0176.324] malloc (_Size=0xc) returned 0x31d9ab8 [0176.324] malloc (_Size=0xc) returned 0x31d9bc0 [0176.324] malloc (_Size=0xc) returned 0x31d9b60 [0176.325] malloc (_Size=0xc) returned 0x31d9a88 [0176.325] malloc (_Size=0xc) returned 0x31d98f0 [0176.325] malloc (_Size=0xc) returned 0x31d9908 [0176.325] malloc (_Size=0xc) returned 0x31d9938 [0176.325] malloc (_Size=0xc) returned 0x31d9a40 [0176.325] malloc (_Size=0xc) returned 0x31d9a10 [0176.325] malloc (_Size=0xc) returned 0x31d9a28 [0176.325] malloc (_Size=0xc) returned 0x31d9a70 [0176.325] malloc (_Size=0xc) returned 0x31d9ae8 [0176.325] malloc (_Size=0xc) returned 0x31d9b00 [0176.325] malloc (_Size=0xc) returned 0x31d9e18 [0176.325] malloc (_Size=0xc) returned 0x31d9e60 [0176.325] malloc (_Size=0xc) returned 0x31d9bd8 [0176.325] malloc (_Size=0xc) returned 0x31d9e30 [0176.325] malloc (_Size=0xc) returned 0x31d9e78 [0176.325] malloc (_Size=0xc) returned 0x31d9c50 [0176.325] malloc (_Size=0xc) returned 0x31d9d88 [0176.325] malloc (_Size=0xc) returned 0x31d9dd0 [0176.325] malloc (_Size=0xc) returned 0x31d9c08 [0176.325] malloc (_Size=0xc) returned 0x31d9da0 [0176.325] malloc (_Size=0xc) returned 0x31d9ec0 [0176.325] malloc (_Size=0xc) returned 0x31d9bf0 [0176.325] malloc (_Size=0xc) returned 0x31d9c68 [0176.325] malloc (_Size=0xc) returned 0x31d9d28 [0176.325] malloc (_Size=0xc) returned 0x31d9e90 [0176.325] malloc (_Size=0xc) returned 0x31d9c20 [0176.325] malloc (_Size=0xc) returned 0x31d9d58 [0176.326] malloc (_Size=0xc) returned 0x31d9c38 [0176.326] malloc (_Size=0xc) returned 0x31d9ea8 [0176.326] malloc (_Size=0xc) returned 0x31d9d40 [0176.326] malloc (_Size=0xc) returned 0x31d9c80 [0176.326] malloc (_Size=0xc) returned 0x31d9ce0 [0176.326] malloc (_Size=0xc) returned 0x31d9c98 [0176.326] malloc (_Size=0xc) returned 0x31d9d70 [0176.326] malloc (_Size=0xc) returned 0x31d9cb0 [0176.326] malloc (_Size=0xc) returned 0x31d9db8 [0176.326] malloc (_Size=0xc) returned 0x31d9cc8 [0176.326] malloc (_Size=0xc) returned 0x31d9cf8 [0176.326] malloc (_Size=0xc) returned 0x31d9d10 [0176.326] malloc (_Size=0xc) returned 0x31d9de8 [0176.326] malloc (_Size=0xc) returned 0x31d9e00 [0176.326] malloc (_Size=0xc) returned 0x31d9e48 [0176.326] malloc (_Size=0xc) returned 0x31da040 [0176.326] malloc (_Size=0xc) returned 0x31d9fc8 [0176.326] malloc (_Size=0xc) returned 0x31d9f80 [0176.326] malloc (_Size=0xc) returned 0x31d9f38 [0176.326] malloc (_Size=0xc) returned 0x31d9ff8 [0176.326] malloc (_Size=0xc) returned 0x31da070 [0176.326] malloc (_Size=0xc) returned 0x31d9fe0 [0176.326] malloc (_Size=0xc) returned 0x31d9fb0 [0176.326] malloc (_Size=0xc) returned 0x31da028 [0176.326] malloc (_Size=0xc) returned 0x31d9f08 [0176.327] malloc (_Size=0xc) returned 0x31d9f68 [0176.327] malloc (_Size=0xc) returned 0x31da010 [0176.327] malloc (_Size=0xc) returned 0x31da058 [0176.327] malloc (_Size=0xc) returned 0x31d9ed8 [0176.327] malloc (_Size=0xc) returned 0x31d9ef0 [0176.327] malloc (_Size=0xc) returned 0x31d9f20 [0176.327] malloc (_Size=0xc) returned 0x31d9f98 [0176.327] malloc (_Size=0xc) returned 0x31d9f50 [0176.327] malloc (_Size=0xc) returned 0x31d8210 [0176.327] malloc (_Size=0xc) returned 0x31d82a0 [0176.327] malloc (_Size=0xc) returned 0x31d8300 [0176.327] malloc (_Size=0xc) returned 0x31d8138 [0176.327] malloc (_Size=0xc) returned 0x31d8270 [0176.327] malloc (_Size=0xc) returned 0x31d8258 [0176.327] malloc (_Size=0xc) returned 0x31d81f8 [0176.327] malloc (_Size=0xc) returned 0x31d82d0 [0176.327] malloc (_Size=0xc) returned 0x31d80d8 [0176.327] malloc (_Size=0xc) returned 0x31d8360 [0176.327] malloc (_Size=0xc) returned 0x31d8348 [0176.327] malloc (_Size=0xc) returned 0x31d8120 [0176.327] malloc (_Size=0xc) returned 0x31d8378 [0176.327] malloc (_Size=0xc) returned 0x31d83c0 [0176.327] malloc (_Size=0xc) returned 0x31d8228 [0176.327] malloc (_Size=0xc) returned 0x31d8390 [0176.327] malloc (_Size=0xc) returned 0x31d8240 [0176.328] malloc (_Size=0xc) returned 0x31d8288 [0176.328] malloc (_Size=0xc) returned 0x31d82b8 [0176.328] malloc (_Size=0xc) returned 0x31d8168 [0176.328] malloc (_Size=0xc) returned 0x31d8108 [0176.328] malloc (_Size=0xc) returned 0x31d83a8 [0176.328] malloc (_Size=0xc) returned 0x31d82e8 [0176.328] malloc (_Size=0xc) returned 0x31d80f0 [0176.328] malloc (_Size=0xc) returned 0x31d8318 [0176.328] malloc (_Size=0xc) returned 0x31d8330 [0176.328] malloc (_Size=0xc) returned 0x31d8150 [0176.328] malloc (_Size=0xc) returned 0x31d8180 [0176.328] malloc (_Size=0xc) returned 0x31d8198 [0176.328] malloc (_Size=0xc) returned 0x31d81b0 [0176.328] malloc (_Size=0xc) returned 0x31d81c8 [0176.328] malloc (_Size=0xc) returned 0x31d81e0 [0176.328] malloc (_Size=0xc) returned 0x31db9d0 [0176.328] malloc (_Size=0xc) returned 0x31db910 [0176.328] malloc (_Size=0xc) returned 0x31dbb80 [0176.328] malloc (_Size=0xc) returned 0x31db928 [0176.328] malloc (_Size=0xc) returned 0x31dba90 [0176.328] malloc (_Size=0xc) returned 0x31dba00 [0176.328] malloc (_Size=0xc) returned 0x31dbac0 [0176.328] malloc (_Size=0xc) returned 0x31dba18 [0176.328] malloc (_Size=0xc) returned 0x31dbb68 [0176.328] malloc (_Size=0xc) returned 0x31dbb98 [0176.328] malloc (_Size=0xc) returned 0x31dbb38 [0176.328] malloc (_Size=0xc) returned 0x31dba30 [0176.329] malloc (_Size=0xc) returned 0x31dbbb0 [0176.329] malloc (_Size=0xc) returned 0x31db940 [0176.329] malloc (_Size=0xc) returned 0x31dba60 [0176.329] malloc (_Size=0xc) returned 0x31db9e8 [0176.329] malloc (_Size=0xc) returned 0x31dbbc8 [0176.329] malloc (_Size=0xc) returned 0x31dba48 [0176.329] malloc (_Size=0xc) returned 0x31dbaf0 [0176.329] malloc (_Size=0xc) returned 0x31db8e0 [0176.329] malloc (_Size=0xc) returned 0x31dbad8 [0176.329] malloc (_Size=0xc) returned 0x31dba78 [0176.329] malloc (_Size=0xc) returned 0x31dbaa8 [0176.329] malloc (_Size=0xc) returned 0x31dbb08 [0176.329] malloc (_Size=0xc) returned 0x31dbb50 [0176.329] malloc (_Size=0xc) returned 0x31dbb20 [0176.329] malloc (_Size=0xc) returned 0x31db8f8 [0176.329] malloc (_Size=0xc) returned 0x31db970 [0176.329] malloc (_Size=0xc) returned 0x31db958 [0176.329] malloc (_Size=0xc) returned 0x31db988 [0176.329] malloc (_Size=0xc) returned 0x31db9a0 [0176.329] malloc (_Size=0xc) returned 0x31db9b8 [0176.329] malloc (_Size=0xc) returned 0x31dbc58 [0176.329] malloc (_Size=0xc) returned 0x31dbc40 [0176.329] malloc (_Size=0xc) returned 0x31dbe98 [0176.329] malloc (_Size=0xc) returned 0x31dbda8 [0176.329] malloc (_Size=0xc) returned 0x31dbd18 [0176.329] malloc (_Size=0xc) returned 0x31dbd90 [0176.329] malloc (_Size=0xc) returned 0x31dbd78 [0176.330] malloc (_Size=0xc) returned 0x31dbdf0 [0176.330] malloc (_Size=0xc) returned 0x31dbe80 [0176.330] malloc (_Size=0xc) returned 0x31dbc28 [0176.330] malloc (_Size=0xc) returned 0x31dbec8 [0176.330] malloc (_Size=0xc) returned 0x31dbcb8 [0176.330] malloc (_Size=0xc) returned 0x31dbe20 [0176.330] malloc (_Size=0xc) returned 0x31dbc70 [0176.330] malloc (_Size=0xc) returned 0x31dbe08 [0176.330] malloc (_Size=0xc) returned 0x31dbe50 [0176.330] malloc (_Size=0xc) returned 0x31dbbe0 [0176.330] malloc (_Size=0xc) returned 0x31dbbf8 [0176.330] malloc (_Size=0xc) returned 0x31dbc10 [0176.330] malloc (_Size=0xc) returned 0x31dbd48 [0176.330] malloc (_Size=0xc) returned 0x31dbca0 [0176.330] malloc (_Size=0xc) returned 0x31dbd00 [0176.330] malloc (_Size=0xc) returned 0x31dbc88 [0176.330] malloc (_Size=0xc) returned 0x31dbe38 [0176.330] malloc (_Size=0xc) returned 0x31dbcd0 [0176.330] malloc (_Size=0xc) returned 0x31dbce8 [0176.330] malloc (_Size=0xc) returned 0x31dbd30 [0176.330] malloc (_Size=0xc) returned 0x31dbd60 [0176.330] malloc (_Size=0xc) returned 0x31dbdc0 [0176.330] malloc (_Size=0xc) returned 0x31dbdd8 [0176.330] malloc (_Size=0xc) returned 0x31dbe68 [0176.330] malloc (_Size=0xc) returned 0x31dbeb0 [0176.330] malloc (_Size=0xc) returned 0x31dc078 [0176.331] malloc (_Size=0xc) returned 0x31dbfd0 [0176.331] malloc (_Size=0xc) returned 0x31dbf58 [0176.331] malloc (_Size=0xc) returned 0x31dc048 [0176.331] malloc (_Size=0xc) returned 0x31dbfb8 [0176.331] malloc (_Size=0xc) returned 0x31dc060 [0176.331] malloc (_Size=0xc) returned 0x31dbee0 [0176.331] malloc (_Size=0xc) returned 0x31dbf10 [0176.331] malloc (_Size=0xc) returned 0x31dbf70 [0176.331] malloc (_Size=0xc) returned 0x31dbfa0 [0176.331] malloc (_Size=0xc) returned 0x31dbfe8 [0176.331] malloc (_Size=0xc) returned 0x31dc000 [0176.331] malloc (_Size=0xc) returned 0x31dc018 [0176.331] malloc (_Size=0xc) returned 0x31dbf88 [0176.331] malloc (_Size=0xc) returned 0x31dbf28 [0176.331] malloc (_Size=0xc) returned 0x31dc030 [0176.331] malloc (_Size=0xc) returned 0x31dbef8 [0176.331] malloc (_Size=0xc) returned 0x31dbf40 [0176.331] malloc (_Size=0xc) returned 0x31da0e0 [0176.331] malloc (_Size=0xc) returned 0x31da218 [0176.332] malloc (_Size=0xc) returned 0x31da260 [0176.332] malloc (_Size=0xc) returned 0x31da128 [0176.332] malloc (_Size=0xc) returned 0x31da2d8 [0176.332] malloc (_Size=0xc) returned 0x31da2f0 [0176.332] malloc (_Size=0xc) returned 0x31da140 [0176.332] malloc (_Size=0xc) returned 0x31da248 [0176.332] malloc (_Size=0xc) returned 0x31da278 [0176.332] malloc (_Size=0xc) returned 0x31da110 [0176.332] malloc (_Size=0xc) returned 0x31da290 [0176.332] malloc (_Size=0xc) returned 0x31da170 [0176.332] malloc (_Size=0xc) returned 0x31da308 [0176.332] malloc (_Size=0xc) returned 0x31da1d0 [0176.332] malloc (_Size=0xc) returned 0x31da2a8 [0176.332] malloc (_Size=0xc) returned 0x31da2c0 [0176.332] malloc (_Size=0xc) returned 0x31da380 [0176.332] malloc (_Size=0xc) returned 0x31da320 [0176.332] malloc (_Size=0xc) returned 0x31da338 [0176.332] malloc (_Size=0xc) returned 0x31da0f8 [0176.332] malloc (_Size=0xc) returned 0x31da158 [0176.332] malloc (_Size=0xc) returned 0x31da200 [0176.332] malloc (_Size=0xc) returned 0x31da3c8 [0176.332] malloc (_Size=0xc) returned 0x31da188 [0176.332] malloc (_Size=0xc) returned 0x31da350 [0176.332] malloc (_Size=0xc) returned 0x31da368 [0176.333] malloc (_Size=0xc) returned 0x31da230 [0176.333] malloc (_Size=0xc) returned 0x31da398 [0176.333] malloc (_Size=0xc) returned 0x31da3b0 [0176.333] malloc (_Size=0xc) returned 0x31da1a0 [0176.333] malloc (_Size=0xc) returned 0x31da1b8 [0176.333] malloc (_Size=0xc) returned 0x31da1e8 [0176.333] malloc (_Size=0xc) returned 0x31da518 [0176.333] malloc (_Size=0xc) returned 0x31da440 [0176.333] malloc (_Size=0xc) returned 0x31da3e0 [0176.333] malloc (_Size=0xc) returned 0x31da668 [0176.333] malloc (_Size=0xc) returned 0x31da3f8 [0176.333] malloc (_Size=0xc) returned 0x31da488 [0176.333] malloc (_Size=0xc) returned 0x31da458 [0176.333] malloc (_Size=0xc) returned 0x31da410 [0176.333] malloc (_Size=0xc) returned 0x31da590 [0176.333] malloc (_Size=0xc) returned 0x31da428 [0176.333] malloc (_Size=0xc) returned 0x31da470 [0176.333] malloc (_Size=0xc) returned 0x31da548 [0176.333] malloc (_Size=0xc) returned 0x31da608 [0176.333] malloc (_Size=0xc) returned 0x31da680 [0176.334] realloc (_Block=0x31d7080, _Size=0x2000) returned 0x31de0a0 [0176.335] free (_Block=0x1d8c78) [0176.335] qsort (in: _Base=0x31e0a88, _NumOfElements=0x0, _SizeOfElements=0x4, _PtFuncCompare=0xb292e0 | out: _Base=0x31e0a88) [0176.482] GetCurrentThreadId () returned 0x1130 [0176.482] GetCurrentThreadId () returned 0x1130 [0176.635] GetCurrentThreadId () returned 0x1130 [0176.700] LoadLibraryW (lpLibFileName="libeay32.dll") returned 0x10000000 [0176.822] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_pubkey", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0176.823] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_get_pubkey", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_get_pubkey", lpUsedDefaultChar=0x0) returned 15 [0176.823] GetProcAddress (hModule=0x10000000, lpProcName="X509_get_pubkey") returned 0x1008a5e0 [0176.823] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_free_all", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.823] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_free_all", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIO_free_all", lpUsedDefaultChar=0x0) returned 12 [0176.823] GetProcAddress (hModule=0x10000000, lpProcName="BIO_free_all") returned 0x10054dd0 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PEM_read_bio_PUBKEY", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PEM_read_bio_PUBKEY", cchWideChar=19, lpMultiByteStr=0x2508b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PEM_read_bio_PUBKEY", lpUsedDefaultChar=0x0) returned 19 [0176.826] GetProcAddress (hModule=0x10000000, lpProcName="PEM_read_bio_PUBKEY") returned 0x100873f0 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PEM_write_bio_PUBKEY", cchWideChar=20, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PEM_write_bio_PUBKEY", cchWideChar=20, lpMultiByteStr=0x2508b2c, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PEM_write_bio_PUBKEY", lpUsedDefaultChar=0x0) returned 20 [0176.826] GetProcAddress (hModule=0x10000000, lpProcName="PEM_write_bio_PUBKEY") returned 0x10087450 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_BytesToKey", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.826] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_BytesToKey", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EVP_BytesToKey", lpUsedDefaultChar=0x0) returned 14 [0176.827] GetProcAddress (hModule=0x10000000, lpProcName="EVP_BytesToKey") returned 0x100639c0 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptUpdate", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptUpdate", cchWideChar=17, lpMultiByteStr=0x2508b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EVP_DecryptUpdate", lpUsedDefaultChar=0x0) returned 17 [0176.827] GetProcAddress (hModule=0x10000000, lpProcName="EVP_DecryptUpdate") returned 0x10062ed0 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptFinal", cchWideChar=16, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptFinal", cchWideChar=16, lpMultiByteStr=0x2508b2c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EVP_DecryptFinal", lpUsedDefaultChar=0x0) returned 16 [0176.827] GetProcAddress (hModule=0x10000000, lpProcName="EVP_DecryptFinal") returned 0x10063720 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptFinal_ex", cchWideChar=19, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="EVP_DecryptFinal_ex", cchWideChar=19, lpMultiByteStr=0x2508b2c, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EVP_DecryptFinal_ex", lpUsedDefaultChar=0x0) returned 19 [0176.827] GetProcAddress (hModule=0x10000000, lpProcName="EVP_DecryptFinal_ex") returned 0x10063010 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_push", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.827] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_push", cchWideChar=8, lpMultiByteStr=0x24eb1ac, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIO_push", lpUsedDefaultChar=0x0) returned 8 [0176.828] GetProcAddress (hModule=0x10000000, lpProcName="BIO_push") returned 0x10054cb0 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_pop", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_pop", cchWideChar=7, lpMultiByteStr=0x24f3abc, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIO_pop", lpUsedDefaultChar=0x0) returned 7 [0176.828] GetProcAddress (hModule=0x10000000, lpProcName="BIO_pop") returned 0x10054d00 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_set_next", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="BIO_set_next", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BIO_set_next", lpUsedDefaultChar=0x0) returned 12 [0176.828] GetProcAddress (hModule=0x10000000, lpProcName="BIO_set_next") returned 0x0 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RSA_print", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RSA_print", cchWideChar=9, lpMultiByteStr=0x24eb1ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RSA_print", lpUsedDefaultChar=0x0) returned 9 [0176.828] GetProcAddress (hModule=0x10000000, lpProcName="RSA_print") returned 0x1003f7c0 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PKCS7_bio", cchWideChar=13, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.828] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="d2i_PKCS7_bio", cchWideChar=13, lpMultiByteStr=0x24eb1ac, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d2i_PKCS7_bio", lpUsedDefaultChar=0x0) returned 13 [0176.829] GetProcAddress (hModule=0x10000000, lpProcName="d2i_PKCS7_bio") returned 0x100904c0 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PKCS7_verify", cchWideChar=12, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PKCS7_verify", cchWideChar=12, lpMultiByteStr=0x24eb1ac, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PKCS7_verify", lpUsedDefaultChar=0x0) returned 12 [0176.829] GetProcAddress (hModule=0x10000000, lpProcName="PKCS7_verify") returned 0x100a9da0 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_new", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="X509_STORE_new", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="X509_STORE_new", lpUsedDefaultChar=0x0) returned 14 [0176.829] GetProcAddress (hModule=0x10000000, lpProcName="X509_STORE_new") returned 0x1008f360 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_bytes", cchWideChar=10, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_bytes", cchWideChar=10, lpMultiByteStr=0x24eb1ac, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_bytes", lpUsedDefaultChar=0x0) returned 10 [0176.829] GetProcAddress (hModule=0x10000000, lpProcName="RAND_bytes") returned 0x1005d940 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_pseudo_bytes", cchWideChar=17, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_pseudo_bytes", cchWideChar=17, lpMultiByteStr=0x2508b2c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_pseudo_bytes", lpUsedDefaultChar=0x0) returned 17 [0176.829] GetProcAddress (hModule=0x10000000, lpProcName="RAND_pseudo_bytes") returned 0x1005d9a0 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_status", cchWideChar=11, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.829] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_status", cchWideChar=11, lpMultiByteStr=0x24eb1ac, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_status", lpUsedDefaultChar=0x0) returned 11 [0176.830] GetProcAddress (hModule=0x10000000, lpProcName="RAND_status") returned 0x1005da00 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_poll", cchWideChar=9, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_poll", cchWideChar=9, lpMultiByteStr=0x24eb1ac, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_poll", lpUsedDefaultChar=0x0) returned 9 [0176.830] GetProcAddress (hModule=0x10000000, lpProcName="RAND_poll") returned 0x1005dcc0 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_file_name", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_file_name", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_file_name", lpUsedDefaultChar=0x0) returned 14 [0176.830] GetProcAddress (hModule=0x10000000, lpProcName="RAND_file_name") returned 0x1005d640 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_load_file", cchWideChar=14, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_load_file", cchWideChar=14, lpMultiByteStr=0x24eb1ac, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_load_file", lpUsedDefaultChar=0x0) returned 14 [0176.830] GetProcAddress (hModule=0x10000000, lpProcName="RAND_load_file") returned 0x1005d3b0 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_write_file", cchWideChar=15, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0176.830] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="RAND_write_file", cchWideChar=15, lpMultiByteStr=0x24eb1ac, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RAND_write_file", lpUsedDefaultChar=0x0) returned 15 [0176.830] GetProcAddress (hModule=0x10000000, lpProcName="RAND_write_file") returned 0x1005d4f0 [0176.831] malloc (_Size=0x10) returned 0x31e0b90 [0176.831] free (_Block=0x1d1218) [0176.831] malloc (_Size=0x10) returned 0x31e0aa0 [0176.831] free (_Block=0x1d1248) [0176.831] malloc (_Size=0x10) returned 0x31e0bc0 [0176.831] free (_Block=0x1d1278) [0176.831] malloc (_Size=0x10) returned 0x31e0b18 [0176.831] free (_Block=0x1d12a8) [0176.831] malloc (_Size=0x10) returned 0x31e0c38 [0176.831] free (_Block=0x1d12d8) [0176.831] malloc (_Size=0x10) returned 0x31e0b48 [0176.831] free (_Block=0x1d1308) [0176.831] malloc (_Size=0x10) returned 0x31e0bf0 [0176.831] free (_Block=0x1d1338) [0176.831] malloc (_Size=0x10) returned 0x31e0c08 [0176.831] free (_Block=0x1d5768) [0176.831] malloc (_Size=0x10) returned 0x31e0cc8 [0176.831] free (_Block=0x1d5780) [0176.831] malloc (_Size=0x10) returned 0x31e0c50 [0176.831] free (_Block=0x1d5678) [0176.831] malloc (_Size=0x10) returned 0x31e0c20 [0176.831] free (_Block=0x1d5738) [0176.831] malloc (_Size=0x10) returned 0x31e0a40 [0176.831] free (_Block=0x1d5660) [0176.831] malloc (_Size=0x10) returned 0x31e0b78 [0176.832] free (_Block=0x1d57b0) [0176.832] malloc (_Size=0x10) returned 0x31e0c68 [0176.832] free (_Block=0x1d57c8) [0176.832] malloc (_Size=0x10) returned 0x31e0d10 [0176.832] free (_Block=0x1d57f8) [0176.832] malloc (_Size=0x10) returned 0x31e0c80 [0176.832] free (_Block=0x1d5828) [0176.832] malloc (_Size=0x10) returned 0x31e0c98 [0176.832] free (_Block=0x1d5690) [0176.832] malloc (_Size=0x10) returned 0x31e0cb0 [0176.832] free (_Block=0x1d5ef8) [0176.832] malloc (_Size=0x10) returned 0x31e0ce0 [0176.832] free (_Block=0x1d5e08) [0176.832] malloc (_Size=0x10) returned 0x31e0cf8 [0176.832] free (_Block=0x1d5df0) [0176.832] malloc (_Size=0x10) returned 0x31e0a28 [0176.832] free (_Block=0x1d5f28) [0176.832] malloc (_Size=0x10) returned 0x31e0db8 [0176.832] free (_Block=0x1d5f58) [0176.832] malloc (_Size=0x10) returned 0x31e0ff8 [0176.832] free (_Block=0x1d5e98) [0176.832] malloc (_Size=0x10) returned 0x31e0ed8 [0176.832] free (_Block=0x1d5d90) [0176.832] malloc (_Size=0x10) returned 0x31e0e60 [0176.832] free (_Block=0x31e05c0) [0176.832] malloc (_Size=0x10) returned 0x31e05c0 [0176.832] free (_Block=0x31e0680) [0176.832] malloc (_Size=0x10) returned 0x31e0680 [0176.833] free (_Block=0x1d5da8) [0176.833] malloc (_Size=0x10) returned 0x31e0fb0 [0176.833] free (_Block=0x1d5cb8) [0176.833] malloc (_Size=0x10) returned 0x31e0d40 [0176.833] free (_Block=0x1d5d18) [0176.833] malloc (_Size=0x10) returned 0x31e0dd0 [0176.833] free (_Block=0x1d5d60) [0176.833] malloc (_Size=0x10) returned 0x31e0d88 [0176.833] free (_Block=0x31e0650) [0176.833] malloc (_Size=0x10) returned 0x31e0650 [0176.833] free (_Block=0x31e0428) [0176.833] malloc (_Size=0x10) returned 0x31e0428 [0176.833] free (_Block=0x1d5eb0) [0176.833] malloc (_Size=0x10) returned 0x31e0d70 [0176.833] free (_Block=0x1d5f88) [0176.833] malloc (_Size=0x10) returned 0x31e0da0 [0176.833] free (_Block=0x1d5fa0) [0176.833] malloc (_Size=0x10) returned 0x31e0e90 [0176.833] free (_Block=0x1d6030) [0176.833] malloc (_Size=0x10) returned 0x31e0f50 [0176.833] free (_Block=0x1d5fe8) [0176.833] malloc (_Size=0x10) returned 0x31e0fc8 [0176.833] free (_Block=0x1d6018) [0176.834] malloc (_Size=0x10) returned 0x31e0de8 [0176.834] free (_Block=0x1d6378) [0176.834] malloc (_Size=0x10) returned 0x31e0d58 [0176.834] free (_Block=0x1d6420) [0176.834] malloc (_Size=0x10) returned 0x31e0e00 [0176.834] free (_Block=0x31e0530) [0176.834] malloc (_Size=0x10) returned 0x31e0530 [0176.834] free (_Block=0x31e0578) [0176.834] malloc (_Size=0x10) returned 0x31e0578 [0176.834] free (_Block=0x1d6330) [0176.834] malloc (_Size=0x10) returned 0x31e0ef0 [0176.834] free (_Block=0x1d6288) [0176.834] malloc (_Size=0x10) returned 0x31e0f80 [0176.834] free (_Block=0x1d62d0) [0176.834] malloc (_Size=0x10) returned 0x31e0f98 [0176.834] free (_Block=0x1d62b8) [0176.834] malloc (_Size=0x10) returned 0x31e0e18 [0176.834] free (_Block=0x1d6348) [0176.834] malloc (_Size=0x10) returned 0x31e0fe0 [0176.834] free (_Block=0x1d6138) [0176.834] malloc (_Size=0x10) returned 0x31e0ea8 [0176.834] free (_Block=0x1d6318) [0176.835] malloc (_Size=0x10) returned 0x31e1010 [0176.835] free (_Block=0x1d6228) [0176.835] malloc (_Size=0x10) returned 0x31e0d28 [0176.835] free (_Block=0x1d6078) [0176.835] malloc (_Size=0x10) returned 0x31e0f08 [0176.835] free (_Block=0x1d61e0) [0176.835] malloc (_Size=0x10) returned 0x31e0e30 [0176.835] free (_Block=0x31e04b8) [0176.835] malloc (_Size=0x10) returned 0x31e04b8 [0176.835] free (_Block=0x31e05d8) [0176.835] malloc (_Size=0x10) returned 0x31e05d8 [0176.835] free (_Block=0x1d6150) [0176.835] malloc (_Size=0x10) returned 0x31e0ec0 [0176.835] free (_Block=0x1d6198) [0176.835] malloc (_Size=0x10) returned 0x31e0e48 [0176.835] free (_Block=0x1d61b0) [0176.835] malloc (_Size=0x10) returned 0x31e0e78 [0176.835] free (_Block=0x1d6240) [0176.835] malloc (_Size=0x10) returned 0x31e0f20 [0176.835] free (_Block=0x1d64c8) [0176.835] malloc (_Size=0x10) returned 0x31e0f68 [0176.835] free (_Block=0x1d65e8) [0176.835] malloc (_Size=0x10) returned 0x31e0f38 [0176.835] free (_Block=0x1d64f8) [0176.836] malloc (_Size=0x10) returned 0x31e1028 [0176.836] free (_Block=0x1d6690) [0176.836] malloc (_Size=0x10) returned 0x31e1280 [0176.836] free (_Block=0x31e0728) [0176.836] malloc (_Size=0x10) returned 0x31e0728 [0176.836] free (_Block=0x31e0740) [0176.836] malloc (_Size=0x10) returned 0x31e0740 [0176.836] free (_Block=0x1d6528) [0176.836] malloc (_Size=0x10) returned 0x31e1130 [0176.836] free (_Block=0x1d6480) [0176.836] malloc (_Size=0x10) returned 0x31e12e0 [0176.836] free (_Block=0x1d6510) [0176.836] malloc (_Size=0x10) returned 0x31e10d0 [0176.836] free (_Block=0x1d6558) [0176.836] malloc (_Size=0x10) returned 0x31e10e8 [0176.836] free (_Block=0x1d6720) [0176.836] malloc (_Size=0x10) returned 0x31e1208 [0176.836] free (_Block=0x1d6738) [0176.836] malloc (_Size=0x10) returned 0x31e12c8 [0176.836] free (_Block=0x1d66a8) [0176.836] malloc (_Size=0x10) returned 0x31e1268 [0176.836] free (_Block=0x1d66c0) [0176.836] malloc (_Size=0x10) returned 0x31e11d8 [0176.836] free (_Block=0x31e05f0) [0176.836] malloc (_Size=0x10) returned 0x31e05f0 [0176.837] free (_Block=0x31e04a0) [0176.837] malloc (_Size=0x10) returned 0x31e04a0 [0176.837] free (_Block=0x31e04d0) [0176.837] malloc (_Size=0x10) returned 0x31e04d0 [0176.837] free (_Block=0x31e06f8) [0176.837] malloc (_Size=0x10) returned 0x31e06f8 [0176.837] free (_Block=0x1d6828) [0176.837] malloc (_Size=0x10) returned 0x31e1298 [0176.837] free (_Block=0x1d6798) [0176.837] malloc (_Size=0x10) returned 0x31e1040 [0176.837] free (_Block=0x1d67b0) [0176.837] malloc (_Size=0x10) returned 0x31e1310 [0176.837] free (_Block=0x1d6a20) [0176.837] malloc (_Size=0x10) returned 0x31e1220 [0176.837] free (_Block=0x1d69a8) [0176.837] malloc (_Size=0x10) returned 0x31e1070 [0176.837] free (_Block=0x1d6888) [0176.837] malloc (_Size=0x10) returned 0x31e1058 [0176.837] free (_Block=0x1d6af8) [0176.837] malloc (_Size=0x10) returned 0x31e1238 [0176.837] free (_Block=0x1d6b28) [0176.837] malloc (_Size=0x10) returned 0x31e1100 [0176.837] free (_Block=0x1d69c0) [0176.837] malloc (_Size=0x10) returned 0x31e1190 [0176.838] free (_Block=0x1d69d8) [0176.838] malloc (_Size=0x10) returned 0x31e12b0 [0176.838] free (_Block=0x1d69f0) [0176.838] malloc (_Size=0x10) returned 0x31e10a0 [0176.838] free (_Block=0x1d68b8) [0176.838] malloc (_Size=0x10) returned 0x31e11f0 [0176.838] free (_Block=0x1d6a50) [0176.838] malloc (_Size=0x10) returned 0x31e1250 [0176.838] free (_Block=0x1d6a68) [0176.839] malloc (_Size=0x10) returned 0x31e1088 [0176.839] free (_Block=0x1d6900) [0176.839] malloc (_Size=0x10) returned 0x31e12f8 [0176.839] free (_Block=0x1d6948) [0176.839] malloc (_Size=0x10) returned 0x31e10b8 [0176.839] free (_Block=0x1d6978) [0176.839] malloc (_Size=0x10) returned 0x31e1118 [0176.839] free (_Block=0x1d6ab0) [0176.839] malloc (_Size=0x10) returned 0x31e1148 [0176.839] free (_Block=0x1d6ae0) [0176.839] malloc (_Size=0x10) returned 0x31e1178 [0176.839] free (_Block=0x1d6bd0) [0176.839] malloc (_Size=0x10) returned 0x31e1160 [0176.839] free (_Block=0x1d6c00) [0176.839] malloc (_Size=0x10) returned 0x31e11a8 [0176.839] free (_Block=0x1d6be8) [0176.839] malloc (_Size=0x10) returned 0x31e11c0 [0176.839] free (_Block=0x1d6c18) [0176.839] malloc (_Size=0x10) returned 0x31e1610 [0176.839] free (_Block=0x1d6d68) [0176.839] malloc (_Size=0x10) returned 0x31e15c8 [0176.840] free (_Block=0x1d6d50) [0176.840] malloc (_Size=0x10) returned 0x31e1490 [0176.840] free (_Block=0x1d6f48) [0176.840] malloc (_Size=0x10) returned 0x31e1388 [0176.840] free (_Block=0x1d6ea0) [0176.840] malloc (_Size=0x10) returned 0x31e1430 [0176.840] free (_Block=0x1d6e88) [0176.840] malloc (_Size=0x10) returned 0x31e13d0 [0176.840] free (_Block=0x1d6df8) [0176.840] malloc (_Size=0x10) returned 0x31e14c0 [0176.840] free (_Block=0x31e0608) [0176.840] malloc (_Size=0x10) returned 0x31e0608 [0176.840] free (_Block=0x31e0668) [0176.840] malloc (_Size=0x10) returned 0x31e0668 [0176.840] free (_Block=0x1d6e10) [0176.840] malloc (_Size=0x10) returned 0x31e13a0 [0176.840] free (_Block=0x1d6de0) [0176.840] malloc (_Size=0x10) returned 0x31e1328 [0176.840] free (_Block=0x1d6d08) [0176.840] malloc (_Size=0x10) returned 0x31e1400 [0176.840] free (_Block=0x1d6f60) [0176.840] malloc (_Size=0x10) returned 0x31e1340 [0176.840] free (_Block=0x1d6e70) [0176.840] malloc (_Size=0x10) returned 0x31e15e0 [0176.840] free (_Block=0x1d6f18) [0176.840] malloc (_Size=0x10) returned 0x31e1478 [0176.840] free (_Block=0x1d6ca8) [0176.840] malloc (_Size=0x10) returned 0x31e15f8 [0176.841] free (_Block=0x1d6cc0) [0176.841] malloc (_Size=0x10) returned 0x31e14f0 [0176.841] free (_Block=0x1d7020) [0176.841] malloc (_Size=0x10) returned 0x31e1460 [0176.841] free (_Block=0x1d7038) [0176.841] malloc (_Size=0x10) returned 0x31e13e8 [0176.841] free (_Block=0x31e0470) [0176.841] malloc (_Size=0x10) returned 0x31e0470 [0176.841] free (_Block=0x31e0458) [0176.841] malloc (_Size=0x10) returned 0x31e0458 [0176.841] free (_Block=0x1d6ff0) [0176.841] malloc (_Size=0x10) returned 0x31e14d8 [0176.841] free (_Block=0x1d7158) [0176.841] malloc (_Size=0x10) returned 0x31e14a8 [0176.841] free (_Block=0x1d7128) [0176.841] malloc (_Size=0x10) returned 0x31e1598 [0176.841] free (_Block=0x1d7140) [0176.841] malloc (_Size=0x10) returned 0x31e13b8 [0176.841] free (_Block=0x1d71a0) [0176.841] malloc (_Size=0x10) returned 0x31e1448 [0176.841] free (_Block=0x1d7098) [0176.841] malloc (_Size=0x10) returned 0x31e1508 [0176.841] free (_Block=0x31e0698) [0176.841] malloc (_Size=0x10) returned 0x31e0698 [0176.841] free (_Block=0x31e06b0) [0176.841] malloc (_Size=0x10) returned 0x31e06b0 [0176.841] free (_Block=0x1d70b0) [0176.842] malloc (_Size=0x10) returned 0x31e1550 [0176.842] free (_Block=0x1d71d0) [0176.842] malloc (_Size=0x10) returned 0x31e1520 [0176.842] free (_Block=0x1d7248) [0176.842] malloc (_Size=0x10) returned 0x31e1418 [0176.842] free (_Block=0x1d7290) [0176.842] malloc (_Size=0x10) returned 0x31e1538 [0176.842] free (_Block=0x1d70e0) [0176.842] malloc (_Size=0x10) returned 0x31e1568 [0176.842] free (_Block=0x1d72a8) [0176.842] malloc (_Size=0x10) returned 0x31e1580 [0176.842] free (_Block=0x1d70f8) [0176.842] malloc (_Size=0x10) returned 0x31e15b0 [0176.842] free (_Block=0x1d72f0) [0176.842] malloc (_Size=0x10) returned 0x31e1358 [0176.842] free (_Block=0x1d7308) [0176.842] malloc (_Size=0x10) returned 0x31e1370 [0176.842] free (_Block=0x1d73f8) [0176.842] malloc (_Size=0x10) returned 0x31e17a8 [0176.842] free (_Block=0x1d7440) [0176.842] malloc (_Size=0x10) returned 0x31e1748 [0176.842] free (_Block=0x1d7458) [0176.842] malloc (_Size=0x10) returned 0x31e1820 [0176.842] free (_Block=0x1d73e0) [0176.842] malloc (_Size=0x10) returned 0x31e1628 [0176.842] free (_Block=0x1d7948) [0176.842] malloc (_Size=0x10) returned 0x31e18b0 [0176.843] free (_Block=0x1d78a0) [0176.843] malloc (_Size=0x10) returned 0x31e1898 [0176.843] free (_Block=0x1d7708) [0176.843] malloc (_Size=0x10) returned 0x31e1670 [0176.843] free (_Block=0x31e06c8) [0176.843] malloc (_Size=0x10) returned 0x31e06c8 [0176.843] free (_Block=0x31e0440) [0176.843] malloc (_Size=0x10) returned 0x31e0440 [0176.843] free (_Block=0x1d77e0) [0176.843] malloc (_Size=0x10) returned 0x31e1760 [0176.843] free (_Block=0x1d7810) [0176.843] malloc (_Size=0x10) returned 0x31e18c8 [0176.843] free (_Block=0x1d7978) [0176.843] malloc (_Size=0x10) returned 0x31e1778 [0176.843] free (_Block=0x1d77f8) [0176.843] malloc (_Size=0x10) returned 0x31e17d8 [0176.843] free (_Block=0x1d76a8) [0176.843] malloc (_Size=0x10) returned 0x31e1790 [0176.843] free (_Block=0x1d76f0) [0176.843] malloc (_Size=0x10) returned 0x31e16b8 [0176.843] free (_Block=0x1d7768) [0176.843] malloc (_Size=0x10) returned 0x31e1658 [0176.843] free (_Block=0x1d7870) [0176.843] malloc (_Size=0x10) returned 0x31e18e0 [0176.843] free (_Block=0x1d77b0) [0176.843] malloc (_Size=0x10) returned 0x31e17c0 [0176.843] free (_Block=0x1d78e8) [0176.843] malloc (_Size=0x10) returned 0x31e1910 [0176.843] free (_Block=0x31e0500) [0176.844] malloc (_Size=0x10) returned 0x31e0500 [0176.844] free (_Block=0x31e04e8) [0176.844] malloc (_Size=0x10) returned 0x31e04e8 [0176.844] free (_Block=0x1d7a38) [0176.844] malloc (_Size=0x10) returned 0x31e1640 [0176.844] free (_Block=0x1d7a68) [0176.844] malloc (_Size=0x10) returned 0x31e1688 [0176.844] free (_Block=0x1d79f0) [0176.844] malloc (_Size=0x10) returned 0x31e16a0 [0176.844] free (_Block=0x1d7a20) [0176.844] malloc (_Size=0x10) returned 0x31e16d0 [0176.844] free (_Block=0x1d7de0) [0176.844] malloc (_Size=0x10) returned 0x31e16e8 [0176.844] free (_Block=0x1d7e10) [0176.844] malloc (_Size=0x10) returned 0x31e1700 [0176.844] free (_Block=0x31e07b8) [0176.844] malloc (_Size=0x10) returned 0x31e07b8 [0176.844] free (_Block=0x31e0950) [0176.844] malloc (_Size=0x10) returned 0x31e0950 [0176.844] free (_Block=0x1d7cc0) [0176.844] malloc (_Size=0x10) returned 0x31e1718 [0176.844] free (_Block=0x1d7d08) [0176.844] malloc (_Size=0x10) returned 0x31e1730 [0176.844] free (_Block=0x1d7cf0) [0176.844] malloc (_Size=0x10) returned 0x31e18f8 [0176.844] free (_Block=0x1d7d68) [0176.844] malloc (_Size=0x10) returned 0x31e17f0 [0176.844] free (_Block=0x1d7b70) [0176.844] malloc (_Size=0x10) returned 0x31e1808 [0176.845] free (_Block=0x1d7d50) [0176.845] malloc (_Size=0x10) returned 0x31e1838 [0176.845] free (_Block=0x1d7c60) [0176.845] malloc (_Size=0x10) returned 0x31e1850 [0176.845] free (_Block=0x1d7ab0) [0176.845] malloc (_Size=0x10) returned 0x31e1868 [0176.845] free (_Block=0x1d7c18) [0176.845] malloc (_Size=0x10) returned 0x31e1880 [0176.845] free (_Block=0x1d7ae0) [0176.845] malloc (_Size=0x10) returned 0x31e1bc8 [0176.845] free (_Block=0x1d7b10) [0176.845] malloc (_Size=0x10) returned 0x31e1b80 [0176.845] free (_Block=0x1d7af8) [0176.845] malloc (_Size=0x10) returned 0x31e1a60 [0176.845] free (_Block=0x1d7b88) [0176.845] malloc (_Size=0x10) returned 0x31e1bb0 [0176.845] free (_Block=0x1d7ba0) [0176.845] malloc (_Size=0x10) returned 0x31e1988 [0176.845] free (_Block=0x1d7be8) [0176.845] malloc (_Size=0x10) returned 0x31e1aa8 [0176.845] free (_Block=0x1d7c78) [0176.845] malloc (_Size=0x10) returned 0x31e1a18 [0176.845] free (_Block=0x1d7f48) [0176.845] malloc (_Size=0x10) returned 0x31e1be0 [0176.845] free (_Block=0x1d8140) [0176.845] malloc (_Size=0x10) returned 0x31e1a48 [0176.845] free (_Block=0x1d8038) [0176.845] malloc (_Size=0x10) returned 0x31e1b38 [0176.846] free (_Block=0x1d8158) [0176.846] malloc (_Size=0x10) returned 0x31e1c10 [0176.846] free (_Block=0x1d7f18) [0176.846] malloc (_Size=0x10) returned 0x31e1b20 [0176.846] free (_Block=0x1d7f60) [0176.846] malloc (_Size=0x10) returned 0x31e1a78 [0176.846] free (_Block=0x1d7eb8) [0176.846] malloc (_Size=0x10) returned 0x31e1a90 [0176.846] free (_Block=0x1d7f30) [0176.846] malloc (_Size=0x10) returned 0x31e1ac0 [0176.846] free (_Block=0x1d7f90) [0176.846] malloc (_Size=0x10) returned 0x31e1b98 [0176.846] free (_Block=0x1d8170) [0176.846] malloc (_Size=0x10) returned 0x31e1b50 [0176.846] free (_Block=0x31e0998) [0176.846] malloc (_Size=0x10) returned 0x31e0998 [0176.846] free (_Block=0x31e0a10) [0176.846] malloc (_Size=0x10) returned 0x31e0a10 [0176.846] free (_Block=0x1d80c8) [0176.846] malloc (_Size=0x10) returned 0x31e1ad8 [0176.846] free (_Block=0x1d80b0) [0176.846] malloc (_Size=0x10) returned 0x31e1a30 [0176.846] free (_Block=0x1d8128) [0176.846] malloc (_Size=0x10) returned 0x31e1af0 [0176.846] free (_Block=0x1d80f8) [0176.846] malloc (_Size=0x10) returned 0x31e1b08 [0176.846] free (_Block=0x1d83e0) [0176.847] malloc (_Size=0x10) returned 0x31e19a0 [0176.847] free (_Block=0x1d83f8) [0176.847] malloc (_Size=0x10) returned 0x31e19b8 [0176.847] free (_Block=0x1d8218) [0176.847] malloc (_Size=0x10) returned 0x31e1bf8 [0176.847] free (_Block=0x1d8308) [0176.847] malloc (_Size=0x10) returned 0x31e1b68 [0176.847] free (_Block=0x1d8410) [0176.847] malloc (_Size=0x10) returned 0x31e1928 [0176.847] free (_Block=0x1d8350) [0176.847] malloc (_Size=0x10) returned 0x31e1940 [0176.847] free (_Block=0x1d82d8) [0176.847] malloc (_Size=0x10) returned 0x31e1958 [0176.847] free (_Block=0x1d81b8) [0176.847] malloc (_Size=0x10) returned 0x31e1970 [0176.847] free (_Block=0x1d8428) [0176.847] malloc (_Size=0x10) returned 0x31e19d0 [0176.847] free (_Block=0x1d8458) [0176.847] malloc (_Size=0x10) returned 0x31e19e8 [0176.847] free (_Block=0x31e0890) [0176.847] malloc (_Size=0x10) returned 0x31e0890 [0176.847] free (_Block=0x31e07e8) [0176.847] malloc (_Size=0x10) returned 0x31e07e8 [0176.847] free (_Block=0x31e0848) [0176.847] malloc (_Size=0x10) returned 0x31e0848 [0176.847] free (_Block=0x31e07d0) [0176.847] malloc (_Size=0x10) returned 0x31e07d0 [0176.847] free (_Block=0x31e0968) [0176.848] malloc (_Size=0x10) returned 0x31e0968 [0176.848] free (_Block=0x31e0800) [0176.848] malloc (_Size=0x10) returned 0x31e0800 [0176.848] free (_Block=0x1d8668) [0176.848] malloc (_Size=0x10) returned 0x31e1a00 [0176.848] free (_Block=0x1d8518) [0176.848] malloc (_Size=0x10) returned 0x31e1f10 [0176.848] free (_Block=0x1d8548) [0176.848] malloc (_Size=0x10) returned 0x31e1c28 [0176.848] free (_Block=0x1d8620) [0176.848] malloc (_Size=0x10) returned 0x31e1d90 [0176.848] free (_Block=0x1d85c0) [0176.848] malloc (_Size=0x10) returned 0x31e1ce8 [0176.848] free (_Block=0x1d85d8) [0176.848] malloc (_Size=0x10) returned 0x31e1d48 [0176.848] free (_Block=0x31e0758) [0176.848] malloc (_Size=0x10) returned 0x31e0758 [0176.848] free (_Block=0x31e0818) [0176.849] malloc (_Size=0x10) returned 0x31e0818 [0176.849] free (_Block=0x31e0830) [0176.849] malloc (_Size=0x10) returned 0x31e0830 [0176.849] free (_Block=0x31e0860) [0176.849] malloc (_Size=0x10) returned 0x31e0860 [0176.849] free (_Block=0x31e0878) [0176.849] malloc (_Size=0x10) returned 0x31e0878 [0176.849] free (_Block=0x31e08a8) [0176.849] malloc (_Size=0x10) returned 0x31e08a8 [0176.849] free (_Block=0x31e0b60) [0176.849] malloc (_Size=0x10) returned 0x31e0b60 [0176.849] free (_Block=0x31e0ab8) [0176.849] malloc (_Size=0x10) returned 0x31e0ab8 [0176.849] free (_Block=0x31e0a58) [0176.849] malloc (_Size=0x10) returned 0x31e0a58 [0176.849] free (_Block=0x31e0ba8) [0176.849] malloc (_Size=0x10) returned 0x31e0ba8 [0176.849] free (_Block=0x31e0bd8) [0176.849] malloc (_Size=0x10) returned 0x31e0bd8 [0176.849] free (_Block=0x31e0b30) [0176.849] malloc (_Size=0x10) returned 0x31e0b30 [0176.849] free (_Block=0x31e0ae8) [0176.849] malloc (_Size=0x10) returned 0x31e0ae8 [0176.849] free (_Block=0x31e0b00) [0176.850] malloc (_Size=0x10) returned 0x31e0b00 [0176.850] free (_Block=0x31e0ae8) [0176.850] malloc (_Size=0x10) returned 0x31e0ae8 [0176.850] free (_Block=0x1d8ba0) [0176.850] malloc (_Size=0x10) returned 0x31e1eb0 [0176.850] free (_Block=0x1d8c30) [0176.850] malloc (_Size=0x10) returned 0x31e1c40 [0176.850] free (_Block=0x1d8c60) [0176.850] malloc (_Size=0x10) returned 0x31e1c58 [0176.850] free (_Block=0x1d8a08) [0176.850] malloc (_Size=0x10) returned 0x31e1d00 [0176.850] free (_Block=0x1d8a98) [0176.850] malloc (_Size=0x10) returned 0x31e1d60 [0176.850] free (_Block=0x1d8a80) [0176.850] malloc (_Size=0x10) returned 0x31e1dc0 [0176.850] free (_Block=0x1d8e28) [0176.850] malloc (_Size=0x10) returned 0x31e1dd8 [0176.850] free (_Block=0x1d8cc0) [0176.850] malloc (_Size=0x10) returned 0x31e1df0 [0176.850] free (_Block=0x1d8dc8) [0176.850] malloc (_Size=0x10) returned 0x31e1cd0 [0176.850] free (_Block=0x1d8d98) [0176.850] malloc (_Size=0x10) returned 0x31e1c70 [0176.850] free (_Block=0x31e09b0) [0176.850] malloc (_Size=0x10) returned 0x31e09b0 [0176.850] free (_Block=0x31e0770) [0176.850] malloc (_Size=0x10) returned 0x31e0770 [0176.851] free (_Block=0x31e08f0) [0176.851] malloc (_Size=0x10) returned 0x31e08f0 [0176.851] free (_Block=0x31e08c0) [0176.851] malloc (_Size=0x10) returned 0x31e08c0 [0176.851] free (_Block=0x31e09c8) [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.851] GetCurrentThreadId () returned 0x1130 [0176.919] GetCurrentThreadId () returned 0x1130 [0176.919] GetCurrentThreadId () returned 0x1130 [0176.919] GetCurrentThreadId () returned 0x1130 [0176.919] GetCurrentThreadId () returned 0x1130 [0176.919] GetCurrentThreadId () returned 0x1130 [0177.113] GetCurrentThreadId () returned 0x1130 [0177.113] GetCurrentThreadId () returned 0x1130 [0177.113] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.143] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.144] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.145] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.146] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.147] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.148] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.149] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.150] GetCurrentThreadId () returned 0x1130 [0177.254] GetCPInfo (in: CodePage=0xfde9, lpCPInfo=0x19fc10 | out: lpCPInfo=0x19fc10) returned 1 [0177.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0177.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0177.283] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oâ\x84\x96BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQE", lpUsedDefaultChar=0x0) returned 39 [0177.283] GetCurrentThreadId () returned 0x1130 [0177.283] GetCurrentThreadId () returned 0x1130 [0177.307] GetCurrentThreadId () returned 0x1130 [0177.412] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\masterdescriptor.en-us.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0177.601] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0177.646] GetCurrentThreadId () returned 0x1130 [0177.646] GetCurrentThreadId () returned 0x1130 [0177.646] GetCurrentThreadId () returned 0x1130 [0177.646] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] GetCurrentThreadId () returned 0x1130 [0177.647] LoadLibraryA (lpLibFileName="ADVAPI32.DLL") returned 0x756e0000 [0177.647] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x772d0000 [0177.648] LoadLibraryA (lpLibFileName="NETAPI32.DLL") returned 0x73fe0000 [0177.648] GetProcAddress (hModule=0x73fe0000, lpProcName="NetStatisticsGet") returned 0x73fe2ad0 [0177.648] GetProcAddress (hModule=0x73fe0000, lpProcName="NetApiBufferFree") returned 0x73fd17c0 [0177.649] NetStatisticsGet (in: ServerName=0x0, Service=0x100d24e8, Level=0x0, Options=0x0, Buffer=0x19f7c4 | out: Buffer=0x19f7c4) returned 0x0 [0177.994] GetCurrentThreadId () returned 0x1130 [0177.994] GetCurrentThreadId () returned 0x1130 [0177.994] GetCurrentThreadId () returned 0x1130 [0177.994] GetCurrentThreadId () returned 0x1130 [0177.994] GetCurrentThreadId () returned 0x1130 [0177.995] GetCurrentThreadId () returned 0x1130 [0177.995] GetCurrentThreadId () returned 0x1130 [0177.995] malloc (_Size=0x64) returned 0x1d0520 [0177.995] free (_Block=0x1d0520) [0177.995] NetApiBufferFree (Buffer=0x9305e8) returned 0x0 [0177.995] NetStatisticsGet (in: ServerName=0x0, Service=0x100d24c0, Level=0x0, Options=0x0, Buffer=0x19f7c4 | out: Buffer=0x19f7c4) returned 0x0 [0178.027] GetCurrentThreadId () returned 0x1130 [0178.027] GetCurrentThreadId () returned 0x1130 [0178.027] GetCurrentThreadId () returned 0x1130 [0178.027] GetCurrentThreadId () returned 0x1130 [0178.028] GetCurrentThreadId () returned 0x1130 [0178.028] GetCurrentThreadId () returned 0x1130 [0178.028] GetCurrentThreadId () returned 0x1130 [0178.028] malloc (_Size=0x64) returned 0x1d0520 [0178.028] free (_Block=0x1d0520) [0178.028] NetApiBufferFree (Buffer=0x9409f0) returned 0x0 [0178.028] FreeLibrary (hLibModule=0x73fe0000) returned 1 [0178.028] GetProcAddress (hModule=0x756e0000, lpProcName="CryptAcquireContextW") returned 0x756ffa40 [0178.029] GetProcAddress (hModule=0x756e0000, lpProcName="CryptGenRandom") returned 0x75700730 [0178.029] GetProcAddress (hModule=0x756e0000, lpProcName="CryptReleaseContext") returned 0x756ffbc0 [0178.029] CryptAcquireContextW (in: phProv=0x19f7ac, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x19f7ac*=0x956a60) returned 1 [0178.035] CryptGenRandom (in: hProv=0x956a60, dwLen=0x40, pbBuffer=0x19fb34 | out: pbBuffer=0x19fb34) returned 1 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.035] GetCurrentThreadId () returned 0x1130 [0178.036] malloc (_Size=0x64) returned 0x1d0520 [0178.036] free (_Block=0x1d0520) [0178.036] CryptReleaseContext (hProv=0x956a60, dwFlags=0x0) returned 1 [0178.036] CryptAcquireContextW (in: phProv=0x19f7ac, szContainer=0x0, szProvider="Intel Hardware Cryptographic Service Provider", dwProvType=0x16, dwFlags=0x0 | out: phProv=0x19f7ac*=0x956a60) returned 0 [0178.036] FreeLibrary (hLibModule=0x756e0000) returned 1 [0178.036] GetVersion () returned 0x23f00206 [0178.036] GetDesktopWindow () returned 0x10010 [0178.037] GetProcessWindowStation () returned 0x130 [0178.037] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x0, nLength=0x0, lpnLengthNeeded=0x19f6f4 | out: pvInfo=0x0, lpnLengthNeeded=0x19f6f4) returned 0 [0178.037] GetLastError () returned 0x7a [0178.037] GetUserObjectInformationW (in: hObj=0x130, nIndex=2, pvInfo=0x19f6d0, nLength=0x10, lpnLengthNeeded=0x19f6f4 | out: pvInfo=0x19f6d0, lpnLengthNeeded=0x19f6f4) returned 1 [0178.037] wcsstr (_Str="WinSta0", _SubStr="Service-0x") returned 0x0 [0178.037] LoadLibraryA (lpLibFileName="USER32.DLL") returned 0x750c0000 [0178.037] GetProcAddress (hModule=0x750c0000, lpProcName="GetForegroundWindow") returned 0x750f3420 [0178.038] GetProcAddress (hModule=0x750c0000, lpProcName="GetCursorInfo") returned 0x750f33b0 [0178.038] GetProcAddress (hModule=0x750c0000, lpProcName="GetQueueStatus") returned 0x750ef510 [0178.038] GetForegroundWindow () returned 0x202bc [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] GetCurrentThreadId () returned 0x1130 [0178.038] malloc (_Size=0x64) returned 0x1d0520 [0178.038] free (_Block=0x1d0520) [0178.038] GetVersion () returned 0x23f00206 [0178.038] GetVersion () returned 0x23f00206 [0178.038] GetCursorInfo (in: pci=0x19f78c | out: pci=0x19f78c) returned 1 [0178.039] GetQueueStatus (flags=0xbf) returned 0x0 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] GetCurrentThreadId () returned 0x1130 [0178.039] malloc (_Size=0x64) returned 0x1d0520 [0178.039] free (_Block=0x1d0520) [0178.039] FreeLibrary (hLibModule=0x750c0000) returned 1 [0178.039] GetProcAddress (hModule=0x772d0000, lpProcName="CreateToolhelp32Snapshot") returned 0x7731edc0 [0178.040] GetProcAddress (hModule=0x772d0000, lpProcName="CloseToolhelp32Snapshot") returned 0x0 [0178.040] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32First") returned 0x7731f2f0 [0178.040] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32Next") returned 0x7731f510 [0178.040] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32ListFirst") returned 0x7731f1a0 [0178.040] GetProcAddress (hModule=0x772d0000, lpProcName="Heap32ListNext") returned 0x7731f250 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Process32First") returned 0x7731f810 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Process32Next") returned 0x7731f9a0 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Thread32First") returned 0x7731fa80 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Thread32Next") returned 0x7731fb30 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Module32First") returned 0x7731fc90 [0178.041] GetProcAddress (hModule=0x772d0000, lpProcName="Module32Next") returned 0x7731fe30 [0178.041] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x410 [0178.073] GetTickCount () returned 0x116d2a9 [0178.073] Heap32ListFirst (hSnapshot=0x410, lphl=0x19f790) returned 1 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] GetCurrentThreadId () returned 0x1130 [0178.074] malloc (_Size=0x64) returned 0x1d0520 [0178.075] free (_Block=0x1d0520) [0178.075] Heap32First (lphe=0x19f750, th32ProcessID=0x1134, th32HeapID=0x900000) returned 1 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] GetCurrentThreadId () returned 0x1130 [0178.087] malloc (_Size=0x64) returned 0x1d0520 [0178.088] free (_Block=0x1d0520) [0178.088] Heap32Next (lphe=0x19f750) returned 1 [0178.099] GetTickCount () returned 0x116d2c8 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] GetCurrentThreadId () returned 0x1130 [0178.099] malloc (_Size=0x64) returned 0x1d0520 [0178.099] free (_Block=0x1d0520) [0178.099] Heap32Next (lphe=0x19f750) returned 1 [0178.114] GetTickCount () returned 0x116d2d8 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] GetCurrentThreadId () returned 0x1130 [0178.114] malloc (_Size=0x64) returned 0x1d0520 [0178.114] free (_Block=0x1d0520) [0178.114] Heap32Next (lphe=0x19f750) returned 1 [0178.130] GetTickCount () returned 0x116d2e8 [0178.130] GetCurrentThreadId () returned 0x1130 [0178.130] GetCurrentThreadId () returned 0x1130 [0178.130] GetCurrentThreadId () returned 0x1130 [0178.130] GetCurrentThreadId () returned 0x1130 [0178.131] GetCurrentThreadId () returned 0x1130 [0178.131] GetCurrentThreadId () returned 0x1130 [0178.131] GetCurrentThreadId () returned 0x1130 [0178.131] malloc (_Size=0x64) returned 0x1d0520 [0178.131] free (_Block=0x1d0520) [0178.131] Heap32Next (lphe=0x19f750) returned 1 [0178.144] GetTickCount () returned 0x116d2f7 [0178.144] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] GetCurrentThreadId () returned 0x1130 [0178.145] malloc (_Size=0x64) returned 0x1d0520 [0178.145] free (_Block=0x1d0520) [0178.145] Heap32Next (lphe=0x19f750) returned 1 [0178.155] GetTickCount () returned 0x116d307 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] GetCurrentThreadId () returned 0x1130 [0178.155] malloc (_Size=0x64) returned 0x1d0520 [0178.155] free (_Block=0x1d0520) [0178.155] Heap32Next (lphe=0x19f750) returned 1 [0178.166] GetTickCount () returned 0x116d307 [0178.166] GetCurrentThreadId () returned 0x1130 [0178.166] GetCurrentThreadId () returned 0x1130 [0178.166] GetCurrentThreadId () returned 0x1130 [0178.166] GetCurrentThreadId () returned 0x1130 [0178.167] GetCurrentThreadId () returned 0x1130 [0178.167] GetCurrentThreadId () returned 0x1130 [0178.167] GetCurrentThreadId () returned 0x1130 [0178.167] malloc (_Size=0x64) returned 0x1d0520 [0178.167] free (_Block=0x1d0520) [0178.167] Heap32Next (lphe=0x19f750) returned 1 [0178.205] GetTickCount () returned 0x116d336 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] GetCurrentThreadId () returned 0x1130 [0178.205] malloc (_Size=0x64) returned 0x1d0520 [0178.206] free (_Block=0x1d0520) [0178.206] Heap32Next (lphe=0x19f750) returned 1 [0178.217] GetTickCount () returned 0x116d345 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] GetCurrentThreadId () returned 0x1130 [0178.217] malloc (_Size=0x64) returned 0x1d0520 [0178.218] free (_Block=0x1d0520) [0178.218] Heap32Next (lphe=0x19f750) returned 1 [0178.226] GetTickCount () returned 0x116d345 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] GetCurrentThreadId () returned 0x1130 [0178.226] malloc (_Size=0x64) returned 0x1d0520 [0178.227] free (_Block=0x1d0520) [0178.227] Heap32Next (lphe=0x19f750) returned 1 [0178.240] GetTickCount () returned 0x116d355 [0178.240] GetCurrentThreadId () returned 0x1130 [0178.240] GetCurrentThreadId () returned 0x1130 [0178.240] GetCurrentThreadId () returned 0x1130 [0178.240] GetCurrentThreadId () returned 0x1130 [0178.240] GetCurrentThreadId () returned 0x1130 [0178.241] GetCurrentThreadId () returned 0x1130 [0178.241] GetCurrentThreadId () returned 0x1130 [0178.241] malloc (_Size=0x64) returned 0x1d0520 [0178.241] free (_Block=0x1d0520) [0178.241] Heap32Next (lphe=0x19f750) returned 1 [0178.252] GetTickCount () returned 0x116d365 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] GetCurrentThreadId () returned 0x1130 [0178.252] malloc (_Size=0x64) returned 0x1d0520 [0178.252] free (_Block=0x1d0520) [0178.252] Heap32Next (lphe=0x19f750) returned 1 [0178.263] GetTickCount () returned 0x116d374 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] GetCurrentThreadId () returned 0x1130 [0178.263] malloc (_Size=0x64) returned 0x1d0520 [0178.263] free (_Block=0x1d0520) [0178.263] Heap32Next (lphe=0x19f750) returned 1 [0178.273] GetTickCount () returned 0x116d374 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.273] GetCurrentThreadId () returned 0x1130 [0178.274] GetCurrentThreadId () returned 0x1130 [0178.274] malloc (_Size=0x64) returned 0x1d0520 [0178.274] free (_Block=0x1d0520) [0178.274] Heap32Next (lphe=0x19f750) returned 1 [0178.292] GetTickCount () returned 0x116d384 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.292] GetCurrentThreadId () returned 0x1130 [0178.293] GetCurrentThreadId () returned 0x1130 [0178.293] malloc (_Size=0x64) returned 0x1d0520 [0178.293] free (_Block=0x1d0520) [0178.293] Heap32Next (lphe=0x19f750) returned 1 [0178.302] GetTickCount () returned 0x116d393 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] GetCurrentThreadId () returned 0x1130 [0178.302] malloc (_Size=0x64) returned 0x1d0520 [0178.302] free (_Block=0x1d0520) [0178.302] Heap32Next (lphe=0x19f750) returned 1 [0178.316] GetTickCount () returned 0x116d3a3 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.316] GetCurrentThreadId () returned 0x1130 [0178.317] GetCurrentThreadId () returned 0x1130 [0178.317] malloc (_Size=0x64) returned 0x1d0520 [0178.317] free (_Block=0x1d0520) [0178.317] Heap32Next (lphe=0x19f750) returned 1 [0178.335] GetTickCount () returned 0x116d3b3 [0178.335] GetCurrentThreadId () returned 0x1130 [0178.335] GetCurrentThreadId () returned 0x1130 [0178.335] GetCurrentThreadId () returned 0x1130 [0178.335] GetCurrentThreadId () returned 0x1130 [0178.336] GetCurrentThreadId () returned 0x1130 [0178.336] GetCurrentThreadId () returned 0x1130 [0178.336] GetCurrentThreadId () returned 0x1130 [0178.336] malloc (_Size=0x64) returned 0x1d0520 [0178.336] free (_Block=0x1d0520) [0178.336] Heap32Next (lphe=0x19f750) returned 1 [0178.349] GetTickCount () returned 0x116d3c2 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] GetCurrentThreadId () returned 0x1130 [0178.349] malloc (_Size=0x64) returned 0x1d0520 [0178.350] free (_Block=0x1d0520) [0178.350] Heap32Next (lphe=0x19f750) returned 1 [0178.361] GetTickCount () returned 0x116d3d2 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.361] GetCurrentThreadId () returned 0x1130 [0178.362] malloc (_Size=0x64) returned 0x1d0520 [0178.362] free (_Block=0x1d0520) [0178.362] Heap32Next (lphe=0x19f750) returned 1 [0178.379] GetTickCount () returned 0x116d3e2 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.379] GetCurrentThreadId () returned 0x1130 [0178.380] GetCurrentThreadId () returned 0x1130 [0178.380] malloc (_Size=0x64) returned 0x1d0520 [0178.380] free (_Block=0x1d0520) [0178.380] Heap32Next (lphe=0x19f750) returned 1 [0178.392] GetTickCount () returned 0x116d3f1 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] GetCurrentThreadId () returned 0x1130 [0178.393] malloc (_Size=0x64) returned 0x1d0520 [0178.393] free (_Block=0x1d0520) [0178.393] Heap32Next (lphe=0x19f750) returned 1 [0178.405] GetTickCount () returned 0x116d401 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] GetCurrentThreadId () returned 0x1130 [0178.405] malloc (_Size=0x64) returned 0x1d0520 [0178.405] free (_Block=0x1d0520) [0178.405] Heap32Next (lphe=0x19f750) returned 1 [0178.416] GetTickCount () returned 0x116d401 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] GetCurrentThreadId () returned 0x1130 [0178.416] malloc (_Size=0x64) returned 0x1d0520 [0178.417] free (_Block=0x1d0520) [0178.417] Heap32Next (lphe=0x19f750) returned 1 [0178.555] GetTickCount () returned 0x116d48d [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] GetCurrentThreadId () returned 0x1130 [0178.555] malloc (_Size=0x64) returned 0x1d0520 [0178.555] free (_Block=0x1d0520) [0178.555] Heap32Next (lphe=0x19f750) returned 1 [0178.565] GetTickCount () returned 0x116d49d [0178.565] GetCurrentThreadId () returned 0x1130 [0178.565] GetCurrentThreadId () returned 0x1130 [0178.565] GetCurrentThreadId () returned 0x1130 [0178.565] GetCurrentThreadId () returned 0x1130 [0178.566] GetCurrentThreadId () returned 0x1130 [0178.566] GetCurrentThreadId () returned 0x1130 [0178.566] GetCurrentThreadId () returned 0x1130 [0178.566] malloc (_Size=0x64) returned 0x1d0520 [0178.566] free (_Block=0x1d0520) [0178.566] Heap32Next (lphe=0x19f750) returned 1 [0178.576] GetTickCount () returned 0x116d4ad [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] GetCurrentThreadId () returned 0x1130 [0178.576] malloc (_Size=0x64) returned 0x1d0520 [0178.576] free (_Block=0x1d0520) [0178.576] Heap32Next (lphe=0x19f750) returned 1 [0178.585] GetTickCount () returned 0x116d4ad [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] GetCurrentThreadId () returned 0x1130 [0178.585] malloc (_Size=0x64) returned 0x1d0520 [0178.585] free (_Block=0x1d0520) [0178.585] Heap32Next (lphe=0x19f750) returned 1 [0178.646] GetTickCount () returned 0x116d4eb [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] GetCurrentThreadId () returned 0x1130 [0178.646] malloc (_Size=0x64) returned 0x1d0520 [0178.646] free (_Block=0x1d0520) [0178.646] Heap32Next (lphe=0x19f750) returned 1 [0178.657] GetTickCount () returned 0x116d4fb [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.657] GetCurrentThreadId () returned 0x1130 [0178.658] malloc (_Size=0x64) returned 0x1d0520 [0178.658] free (_Block=0x1d0520) [0178.658] Heap32Next (lphe=0x19f750) returned 1 [0178.668] GetTickCount () returned 0x116d50a [0178.668] GetCurrentThreadId () returned 0x1130 [0178.668] GetCurrentThreadId () returned 0x1130 [0178.669] GetCurrentThreadId () returned 0x1130 [0178.669] GetCurrentThreadId () returned 0x1130 [0178.669] GetCurrentThreadId () returned 0x1130 [0178.669] GetCurrentThreadId () returned 0x1130 [0178.669] GetCurrentThreadId () returned 0x1130 [0178.669] malloc (_Size=0x64) returned 0x1d0520 [0178.669] free (_Block=0x1d0520) [0178.669] Heap32Next (lphe=0x19f750) returned 1 [0178.683] GetTickCount () returned 0x116d50a [0178.683] GetCurrentThreadId () returned 0x1130 [0178.683] GetCurrentThreadId () returned 0x1130 [0178.683] GetCurrentThreadId () returned 0x1130 [0178.793] GetCurrentThreadId () returned 0x1130 [0178.793] GetCurrentThreadId () returned 0x1130 [0178.793] GetCurrentThreadId () returned 0x1130 [0178.793] GetCurrentThreadId () returned 0x1130 [0178.793] malloc (_Size=0x64) returned 0x1d0520 [0178.793] free (_Block=0x1d0520) [0178.793] Heap32Next (lphe=0x19f750) returned 1 [0178.804] GetTickCount () returned 0x116d587 [0178.804] GetCurrentThreadId () returned 0x1130 [0178.804] GetCurrentThreadId () returned 0x1130 [0178.804] GetCurrentThreadId () returned 0x1130 [0178.804] GetCurrentThreadId () returned 0x1130 [0178.805] GetCurrentThreadId () returned 0x1130 [0178.805] GetCurrentThreadId () returned 0x1130 [0178.805] GetCurrentThreadId () returned 0x1130 [0178.805] malloc (_Size=0x64) returned 0x1d0520 [0178.805] free (_Block=0x1d0520) [0178.805] Heap32Next (lphe=0x19f750) returned 1 [0178.817] GetTickCount () returned 0x116d597 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] GetCurrentThreadId () returned 0x1130 [0178.817] malloc (_Size=0x64) returned 0x1d0520 [0178.817] free (_Block=0x1d0520) [0178.817] Heap32Next (lphe=0x19f750) returned 1 [0178.831] GetTickCount () returned 0x116d5a7 [0178.831] GetCurrentThreadId () returned 0x1130 [0178.831] GetCurrentThreadId () returned 0x1130 [0178.831] GetCurrentThreadId () returned 0x1130 [0178.831] GetCurrentThreadId () returned 0x1130 [0178.832] GetCurrentThreadId () returned 0x1130 [0178.832] GetCurrentThreadId () returned 0x1130 [0178.832] GetCurrentThreadId () returned 0x1130 [0178.832] malloc (_Size=0x64) returned 0x1d0520 [0178.832] free (_Block=0x1d0520) [0178.832] Heap32Next (lphe=0x19f750) returned 1 [0179.021] GetTickCount () returned 0x116d662 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.021] GetCurrentThreadId () returned 0x1130 [0179.022] malloc (_Size=0x64) returned 0x1d0520 [0179.022] free (_Block=0x1d0520) [0179.022] Heap32Next (lphe=0x19f750) returned 1 [0179.045] GetTickCount () returned 0x116d681 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] GetCurrentThreadId () returned 0x1130 [0179.045] malloc (_Size=0x64) returned 0x1d0520 [0179.045] free (_Block=0x1d0520) [0179.045] Heap32Next (lphe=0x19f750) returned 1 [0179.111] GetTickCount () returned 0x116d6c0 [0179.111] Heap32ListNext (hSnapshot=0x410, lphl=0x19f790) returned 1 [0179.112] GetTickCount () returned 0x116d6c0 [0179.112] GetTickCount () returned 0x116d6c0 [0179.112] Process32First (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.114] GetCurrentThreadId () returned 0x1130 [0179.115] malloc (_Size=0x64) returned 0x1d0520 [0179.115] free (_Block=0x1d0520) [0179.115] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0179.117] GetTickCount () returned 0x116d6c0 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] GetCurrentThreadId () returned 0x1130 [0179.117] malloc (_Size=0x64) returned 0x1d0520 [0179.117] free (_Block=0x1d0520) [0179.117] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0179.119] GetTickCount () returned 0x116d6c0 [0179.119] GetCurrentThreadId () returned 0x1130 [0179.119] GetCurrentThreadId () returned 0x1130 [0179.119] GetCurrentThreadId () returned 0x1130 [0179.120] GetCurrentThreadId () returned 0x1130 [0179.120] GetCurrentThreadId () returned 0x1130 [0179.120] GetCurrentThreadId () returned 0x1130 [0179.120] GetCurrentThreadId () returned 0x1130 [0179.120] malloc (_Size=0x64) returned 0x1d0520 [0179.120] free (_Block=0x1d0520) [0179.120] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.123] GetTickCount () returned 0x116d6d0 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] GetCurrentThreadId () returned 0x1130 [0179.123] malloc (_Size=0x64) returned 0x1d0520 [0179.124] free (_Block=0x1d0520) [0179.124] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0179.126] GetTickCount () returned 0x116d6d0 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] GetCurrentThreadId () returned 0x1130 [0179.126] malloc (_Size=0x64) returned 0x1d0520 [0179.126] free (_Block=0x1d0520) [0179.126] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.128] GetTickCount () returned 0x116d6d0 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.128] GetCurrentThreadId () returned 0x1130 [0179.129] malloc (_Size=0x64) returned 0x1d0520 [0179.129] free (_Block=0x1d0520) [0179.129] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0179.131] GetTickCount () returned 0x116d6d0 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] GetCurrentThreadId () returned 0x1130 [0179.131] malloc (_Size=0x64) returned 0x1d0520 [0179.131] free (_Block=0x1d0520) [0179.131] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0179.133] GetTickCount () returned 0x116d6d0 [0179.133] GetCurrentThreadId () returned 0x1130 [0179.133] GetCurrentThreadId () returned 0x1130 [0179.133] GetCurrentThreadId () returned 0x1130 [0179.133] GetCurrentThreadId () returned 0x1130 [0179.134] GetCurrentThreadId () returned 0x1130 [0179.134] GetCurrentThreadId () returned 0x1130 [0179.134] GetCurrentThreadId () returned 0x1130 [0179.134] malloc (_Size=0x64) returned 0x1d0520 [0179.134] free (_Block=0x1d0520) [0179.134] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0179.136] GetTickCount () returned 0x116d6d0 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] GetCurrentThreadId () returned 0x1130 [0179.136] malloc (_Size=0x64) returned 0x1d0520 [0179.137] free (_Block=0x1d0520) [0179.137] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.138] GetTickCount () returned 0x116d6df [0179.138] GetCurrentThreadId () returned 0x1130 [0179.138] GetCurrentThreadId () returned 0x1130 [0179.138] GetCurrentThreadId () returned 0x1130 [0179.139] GetCurrentThreadId () returned 0x1130 [0179.139] GetCurrentThreadId () returned 0x1130 [0179.139] GetCurrentThreadId () returned 0x1130 [0179.139] GetCurrentThreadId () returned 0x1130 [0179.139] malloc (_Size=0x64) returned 0x1d0520 [0179.139] free (_Block=0x1d0520) [0179.139] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0179.141] GetTickCount () returned 0x116d6df [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] GetCurrentThreadId () returned 0x1130 [0179.141] malloc (_Size=0x64) returned 0x1d0520 [0179.141] free (_Block=0x1d0520) [0179.141] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0179.143] GetTickCount () returned 0x116d6df [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] GetCurrentThreadId () returned 0x1130 [0179.143] malloc (_Size=0x64) returned 0x1d0520 [0179.143] free (_Block=0x1d0520) [0179.143] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.145] GetTickCount () returned 0x116d6df [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] GetCurrentThreadId () returned 0x1130 [0179.145] malloc (_Size=0x64) returned 0x1d0520 [0179.146] free (_Block=0x1d0520) [0179.146] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0179.147] GetTickCount () returned 0x116d6df [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.147] GetCurrentThreadId () returned 0x1130 [0179.148] malloc (_Size=0x64) returned 0x1d0520 [0179.148] free (_Block=0x1d0520) [0179.148] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.149] GetTickCount () returned 0x116d6df [0179.149] GetCurrentThreadId () returned 0x1130 [0179.149] GetCurrentThreadId () returned 0x1130 [0179.149] GetCurrentThreadId () returned 0x1130 [0179.149] GetCurrentThreadId () returned 0x1130 [0179.149] GetCurrentThreadId () returned 0x1130 [0179.150] GetCurrentThreadId () returned 0x1130 [0179.150] GetCurrentThreadId () returned 0x1130 [0179.150] malloc (_Size=0x64) returned 0x1d0520 [0179.150] free (_Block=0x1d0520) [0179.150] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.151] GetTickCount () returned 0x116d6df [0179.151] GetCurrentThreadId () returned 0x1130 [0179.151] GetCurrentThreadId () returned 0x1130 [0179.151] GetCurrentThreadId () returned 0x1130 [0179.151] GetCurrentThreadId () returned 0x1130 [0179.152] GetCurrentThreadId () returned 0x1130 [0179.152] GetCurrentThreadId () returned 0x1130 [0179.152] GetCurrentThreadId () returned 0x1130 [0179.201] malloc (_Size=0x64) returned 0x1d0520 [0179.201] free (_Block=0x1d0520) [0179.201] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.204] GetTickCount () returned 0x116d71e [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] GetCurrentThreadId () returned 0x1130 [0179.204] malloc (_Size=0x64) returned 0x1d0520 [0179.204] free (_Block=0x1d0520) [0179.204] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.206] GetTickCount () returned 0x116d71e [0179.206] GetCurrentThreadId () returned 0x1130 [0179.206] GetCurrentThreadId () returned 0x1130 [0179.207] GetCurrentThreadId () returned 0x1130 [0179.207] GetCurrentThreadId () returned 0x1130 [0179.207] GetCurrentThreadId () returned 0x1130 [0179.207] GetCurrentThreadId () returned 0x1130 [0179.207] GetCurrentThreadId () returned 0x1130 [0179.207] malloc (_Size=0x64) returned 0x1d0520 [0179.207] free (_Block=0x1d0520) [0179.207] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.209] GetTickCount () returned 0x116d71e [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.209] GetCurrentThreadId () returned 0x1130 [0179.210] malloc (_Size=0x64) returned 0x1d0520 [0179.210] free (_Block=0x1d0520) [0179.210] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.212] GetTickCount () returned 0x116d71e [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] GetCurrentThreadId () returned 0x1130 [0179.212] malloc (_Size=0x64) returned 0x1d0520 [0179.213] free (_Block=0x1d0520) [0179.213] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.214] GetTickCount () returned 0x116d72d [0179.214] GetCurrentThreadId () returned 0x1130 [0179.214] GetCurrentThreadId () returned 0x1130 [0179.215] GetCurrentThreadId () returned 0x1130 [0179.215] GetCurrentThreadId () returned 0x1130 [0179.215] GetCurrentThreadId () returned 0x1130 [0179.215] GetCurrentThreadId () returned 0x1130 [0179.215] GetCurrentThreadId () returned 0x1130 [0179.215] malloc (_Size=0x64) returned 0x1d0520 [0179.215] free (_Block=0x1d0520) [0179.215] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.217] GetTickCount () returned 0x116d72d [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] GetCurrentThreadId () returned 0x1130 [0179.217] malloc (_Size=0x64) returned 0x1d0520 [0179.217] free (_Block=0x1d0520) [0179.217] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.219] GetTickCount () returned 0x116d72d [0179.219] GetCurrentThreadId () returned 0x1130 [0179.219] GetCurrentThreadId () returned 0x1130 [0179.219] GetCurrentThreadId () returned 0x1130 [0179.219] GetCurrentThreadId () returned 0x1130 [0179.219] GetCurrentThreadId () returned 0x1130 [0179.220] GetCurrentThreadId () returned 0x1130 [0179.220] GetCurrentThreadId () returned 0x1130 [0179.220] malloc (_Size=0x64) returned 0x1d0520 [0179.220] free (_Block=0x1d0520) [0179.220] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.222] GetTickCount () returned 0x116d72d [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] GetCurrentThreadId () returned 0x1130 [0179.222] malloc (_Size=0x64) returned 0x1d0520 [0179.222] free (_Block=0x1d0520) [0179.222] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0179.224] GetTickCount () returned 0x116d72d [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] GetCurrentThreadId () returned 0x1130 [0179.224] malloc (_Size=0x64) returned 0x1d0520 [0179.224] free (_Block=0x1d0520) [0179.224] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.226] GetTickCount () returned 0x116d72d [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] GetCurrentThreadId () returned 0x1130 [0179.226] malloc (_Size=0x64) returned 0x1d0520 [0179.226] free (_Block=0x1d0520) [0179.227] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0179.228] GetTickCount () returned 0x116d72d [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] GetCurrentThreadId () returned 0x1130 [0179.228] malloc (_Size=0x64) returned 0x1d0520 [0179.228] free (_Block=0x1d0520) [0179.229] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0179.233] GetTickCount () returned 0x116d73d [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.233] GetCurrentThreadId () returned 0x1130 [0179.234] malloc (_Size=0x64) returned 0x1d0520 [0179.234] free (_Block=0x1d0520) [0179.234] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.235] GetTickCount () returned 0x116d73d [0179.235] GetCurrentThreadId () returned 0x1130 [0179.235] GetCurrentThreadId () returned 0x1130 [0179.235] GetCurrentThreadId () returned 0x1130 [0179.236] GetCurrentThreadId () returned 0x1130 [0179.236] GetCurrentThreadId () returned 0x1130 [0179.236] GetCurrentThreadId () returned 0x1130 [0179.236] GetCurrentThreadId () returned 0x1130 [0179.236] malloc (_Size=0x64) returned 0x1d0520 [0179.236] free (_Block=0x1d0520) [0179.236] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0179.238] GetTickCount () returned 0x116d73d [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] GetCurrentThreadId () returned 0x1130 [0179.238] malloc (_Size=0x64) returned 0x1d0520 [0179.238] free (_Block=0x1d0520) [0179.238] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x37, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.240] GetTickCount () returned 0x116d73d [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] GetCurrentThreadId () returned 0x1130 [0179.240] malloc (_Size=0x64) returned 0x1d0520 [0179.241] free (_Block=0x1d0520) [0179.241] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0179.242] GetTickCount () returned 0x116d73d [0179.242] GetCurrentThreadId () returned 0x1130 [0179.242] GetCurrentThreadId () returned 0x1130 [0179.242] GetCurrentThreadId () returned 0x1130 [0179.242] GetCurrentThreadId () returned 0x1130 [0179.242] GetCurrentThreadId () returned 0x1130 [0179.242] GetCurrentThreadId () returned 0x1130 [0179.243] GetCurrentThreadId () returned 0x1130 [0179.243] malloc (_Size=0x64) returned 0x1d0520 [0179.243] free (_Block=0x1d0520) [0179.243] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0179.244] GetTickCount () returned 0x116d73d [0179.244] GetCurrentThreadId () returned 0x1130 [0179.244] GetCurrentThreadId () returned 0x1130 [0179.244] GetCurrentThreadId () returned 0x1130 [0179.245] GetCurrentThreadId () returned 0x1130 [0179.245] GetCurrentThreadId () returned 0x1130 [0179.245] GetCurrentThreadId () returned 0x1130 [0179.245] GetCurrentThreadId () returned 0x1130 [0179.245] malloc (_Size=0x64) returned 0x1d0520 [0179.245] free (_Block=0x1d0520) [0179.245] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0179.336] GetTickCount () returned 0x116d79b [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.336] GetCurrentThreadId () returned 0x1130 [0179.337] malloc (_Size=0x64) returned 0x1d0520 [0179.337] free (_Block=0x1d0520) [0179.337] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0179.338] GetTickCount () returned 0x116d79b [0179.338] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] GetCurrentThreadId () returned 0x1130 [0179.339] malloc (_Size=0x64) returned 0x1d0520 [0179.339] free (_Block=0x1d0520) [0179.339] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0179.341] GetTickCount () returned 0x116d7aa [0179.341] GetCurrentThreadId () returned 0x1130 [0179.341] GetCurrentThreadId () returned 0x1130 [0179.341] GetCurrentThreadId () returned 0x1130 [0179.341] GetCurrentThreadId () returned 0x1130 [0179.342] GetCurrentThreadId () returned 0x1130 [0179.342] GetCurrentThreadId () returned 0x1130 [0179.342] GetCurrentThreadId () returned 0x1130 [0179.342] malloc (_Size=0x64) returned 0x1d0520 [0179.342] free (_Block=0x1d0520) [0179.342] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0179.345] GetTickCount () returned 0x116d7aa [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] GetCurrentThreadId () returned 0x1130 [0179.345] malloc (_Size=0x64) returned 0x1d0520 [0179.346] free (_Block=0x1d0520) [0179.346] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0179.348] GetTickCount () returned 0x116d7aa [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] GetCurrentThreadId () returned 0x1130 [0179.348] malloc (_Size=0x64) returned 0x1d0520 [0179.348] free (_Block=0x1d0520) [0179.348] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1 [0179.350] GetTickCount () returned 0x116d7aa [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] GetCurrentThreadId () returned 0x1130 [0179.350] malloc (_Size=0x64) returned 0x1d0520 [0179.350] free (_Block=0x1d0520) [0179.350] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="uncle.exe")) returned 1 [0179.351] GetTickCount () returned 0x116d7aa [0179.351] GetCurrentThreadId () returned 0x1130 [0179.351] GetCurrentThreadId () returned 0x1130 [0179.351] GetCurrentThreadId () returned 0x1130 [0179.352] GetCurrentThreadId () returned 0x1130 [0179.352] GetCurrentThreadId () returned 0x1130 [0179.352] GetCurrentThreadId () returned 0x1130 [0179.352] GetCurrentThreadId () returned 0x1130 [0179.352] malloc (_Size=0x64) returned 0x1d0520 [0179.352] free (_Block=0x1d0520) [0179.352] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="excitement.exe")) returned 1 [0179.353] GetTickCount () returned 0x116d7aa [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] GetCurrentThreadId () returned 0x1130 [0179.353] malloc (_Size=0x64) returned 0x1d0520 [0179.354] free (_Block=0x1d0520) [0179.354] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x550, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="holder.exe")) returned 1 [0179.355] GetTickCount () returned 0x116d7ba [0179.355] GetCurrentThreadId () returned 0x1130 [0179.355] GetCurrentThreadId () returned 0x1130 [0179.355] GetCurrentThreadId () returned 0x1130 [0179.355] GetCurrentThreadId () returned 0x1130 [0179.355] malloc (_Size=0x64) returned 0x1d0520 [0179.356] free (_Block=0x1d0520) [0179.356] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="passenger smoke author.exe")) returned 1 [0179.357] GetTickCount () returned 0x116d7ba [0179.357] GetCurrentThreadId () returned 0x1130 [0179.357] malloc (_Size=0x64) returned 0x1d0520 [0179.357] free (_Block=0x1d0520) [0179.357] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="softball.exe")) returned 1 [0179.358] GetTickCount () returned 0x116d7ba [0179.358] GetCurrentThreadId () returned 0x1130 [0179.358] malloc (_Size=0x64) returned 0x1d0520 [0179.359] free (_Block=0x1d0520) [0179.359] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="huge std.exe")) returned 1 [0179.360] GetTickCount () returned 0x116d7ba [0179.360] GetCurrentThreadId () returned 0x1130 [0179.360] malloc (_Size=0x64) returned 0x1d0520 [0179.360] free (_Block=0x1d0520) [0179.360] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lone terrace.exe")) returned 1 [0179.361] GetTickCount () returned 0x116d7ba [0179.361] GetCurrentThreadId () returned 0x1130 [0179.362] malloc (_Size=0x64) returned 0x1d0520 [0179.362] free (_Block=0x1d0520) [0179.362] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xac0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="poly-actually-kent.exe")) returned 1 [0179.363] GetTickCount () returned 0x116d7ba [0179.363] GetCurrentThreadId () returned 0x1130 [0179.363] malloc (_Size=0x64) returned 0x1d0520 [0179.363] free (_Block=0x1d0520) [0179.363] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xab4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="inn project.exe")) returned 1 [0179.364] GetTickCount () returned 0x116d7ba [0179.364] GetCurrentThreadId () returned 0x1130 [0179.364] malloc (_Size=0x64) returned 0x1d0520 [0179.365] free (_Block=0x1d0520) [0179.365] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="voluntaryfluidheating.exe")) returned 1 [0179.366] GetTickCount () returned 0x116d7ba [0179.366] GetCurrentThreadId () returned 0x1130 [0179.366] malloc (_Size=0x64) returned 0x1d0520 [0179.366] free (_Block=0x1d0520) [0179.366] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="hamburg.exe")) returned 1 [0179.367] GetTickCount () returned 0x116d7ba [0179.367] GetCurrentThreadId () returned 0x1130 [0179.367] malloc (_Size=0x64) returned 0x1d0520 [0179.367] free (_Block=0x1d0520) [0179.367] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="modules-recommend.exe")) returned 1 [0179.369] GetTickCount () returned 0x116d7ba [0179.369] GetCurrentThreadId () returned 0x1130 [0179.369] malloc (_Size=0x64) returned 0x1d0520 [0179.369] free (_Block=0x1d0520) [0179.369] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="tamil.exe")) returned 1 [0179.370] GetTickCount () returned 0x116d7ba [0179.370] GetCurrentThreadId () returned 0x1130 [0179.370] malloc (_Size=0x64) returned 0x1d0520 [0179.370] free (_Block=0x1d0520) [0179.370] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accounting-tunnel.exe")) returned 1 [0179.466] GetTickCount () returned 0x116d827 [0179.466] GetCurrentThreadId () returned 0x1130 [0179.467] malloc (_Size=0x64) returned 0x1d0520 [0179.467] free (_Block=0x1d0520) [0179.467] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="builder.exe")) returned 1 [0179.469] GetTickCount () returned 0x116d827 [0179.469] GetCurrentThreadId () returned 0x1130 [0179.469] malloc (_Size=0x64) returned 0x1d0520 [0179.469] free (_Block=0x1d0520) [0179.469] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="george.exe")) returned 1 [0179.471] GetTickCount () returned 0x116d827 [0179.471] GetCurrentThreadId () returned 0x1130 [0179.471] malloc (_Size=0x64) returned 0x1d0520 [0179.471] free (_Block=0x1d0520) [0179.471] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xde0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0179.473] GetTickCount () returned 0x116d827 [0179.473] GetCurrentThreadId () returned 0x1130 [0179.473] malloc (_Size=0x64) returned 0x1d0520 [0179.473] free (_Block=0x1d0520) [0179.473] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0179.475] GetTickCount () returned 0x116d827 [0179.475] GetCurrentThreadId () returned 0x1130 [0179.475] malloc (_Size=0x64) returned 0x1d0520 [0179.475] free (_Block=0x1d0520) [0179.475] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0179.478] GetTickCount () returned 0x116d827 [0179.478] GetCurrentThreadId () returned 0x1130 [0179.478] malloc (_Size=0x64) returned 0x1d0520 [0179.478] free (_Block=0x1d0520) [0179.478] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0179.480] GetTickCount () returned 0x116d827 [0179.480] GetCurrentThreadId () returned 0x1130 [0179.480] GetCurrentThreadId () returned 0x1130 [0179.480] GetCurrentThreadId () returned 0x1130 [0179.480] GetCurrentThreadId () returned 0x1130 [0179.481] GetCurrentThreadId () returned 0x1130 [0179.481] GetCurrentThreadId () returned 0x1130 [0179.481] GetCurrentThreadId () returned 0x1130 [0179.481] malloc (_Size=0x64) returned 0x1d0520 [0179.481] free (_Block=0x1d0520) [0179.481] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0179.482] GetTickCount () returned 0x116d837 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] GetCurrentThreadId () returned 0x1130 [0179.482] malloc (_Size=0x64) returned 0x1d0520 [0179.483] free (_Block=0x1d0520) [0179.483] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0179.484] GetTickCount () returned 0x116d837 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] GetCurrentThreadId () returned 0x1130 [0179.484] malloc (_Size=0x64) returned 0x1d0520 [0179.484] free (_Block=0x1d0520) [0179.484] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0179.486] GetTickCount () returned 0x116d837 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] GetCurrentThreadId () returned 0x1130 [0179.486] malloc (_Size=0x64) returned 0x1d0520 [0179.486] free (_Block=0x1d0520) [0179.486] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0179.488] GetTickCount () returned 0x116d837 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] GetCurrentThreadId () returned 0x1130 [0179.488] malloc (_Size=0x64) returned 0x1d0520 [0179.488] free (_Block=0x1d0520) [0179.488] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0179.489] GetTickCount () returned 0x116d837 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] GetCurrentThreadId () returned 0x1130 [0179.490] malloc (_Size=0x64) returned 0x1d0520 [0179.490] free (_Block=0x1d0520) [0179.490] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0179.491] GetTickCount () returned 0x116d837 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] GetCurrentThreadId () returned 0x1130 [0179.491] malloc (_Size=0x64) returned 0x1d0520 [0179.492] free (_Block=0x1d0520) [0179.492] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0179.493] GetTickCount () returned 0x116d837 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] GetCurrentThreadId () returned 0x1130 [0179.493] malloc (_Size=0x64) returned 0x1d0520 [0179.493] free (_Block=0x1d0520) [0179.493] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0179.495] GetTickCount () returned 0x116d837 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] GetCurrentThreadId () returned 0x1130 [0179.495] malloc (_Size=0x64) returned 0x1d0520 [0179.495] free (_Block=0x1d0520) [0179.495] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0179.601] GetTickCount () returned 0x116d8a4 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.601] GetCurrentThreadId () returned 0x1130 [0179.602] GetCurrentThreadId () returned 0x1130 [0179.602] malloc (_Size=0x64) returned 0x1d0520 [0179.602] free (_Block=0x1d0520) [0179.602] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0179.603] GetTickCount () returned 0x116d8a4 [0179.603] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] GetCurrentThreadId () returned 0x1130 [0179.604] malloc (_Size=0x64) returned 0x1d0520 [0179.604] free (_Block=0x1d0520) [0179.604] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0179.655] GetTickCount () returned 0x116d8e3 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] GetCurrentThreadId () returned 0x1130 [0179.655] malloc (_Size=0x64) returned 0x1d0520 [0179.656] free (_Block=0x1d0520) [0179.656] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0179.657] GetTickCount () returned 0x116d8e3 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] GetCurrentThreadId () returned 0x1130 [0179.657] malloc (_Size=0x64) returned 0x1d0520 [0179.657] free (_Block=0x1d0520) [0179.657] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0179.659] GetTickCount () returned 0x116d8e3 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] GetCurrentThreadId () returned 0x1130 [0179.659] malloc (_Size=0x64) returned 0x1d0520 [0179.659] free (_Block=0x1d0520) [0179.659] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0179.660] GetTickCount () returned 0x116d8e3 [0179.660] GetCurrentThreadId () returned 0x1130 [0179.660] GetCurrentThreadId () returned 0x1130 [0179.660] GetCurrentThreadId () returned 0x1130 [0179.660] GetCurrentThreadId () returned 0x1130 [0179.660] GetCurrentThreadId () returned 0x1130 [0179.661] GetCurrentThreadId () returned 0x1130 [0179.661] GetCurrentThreadId () returned 0x1130 [0179.661] malloc (_Size=0x64) returned 0x1d0520 [0179.661] free (_Block=0x1d0520) [0179.661] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0179.662] GetTickCount () returned 0x116d8e3 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] GetCurrentThreadId () returned 0x1130 [0179.662] malloc (_Size=0x64) returned 0x1d0520 [0179.662] free (_Block=0x1d0520) [0179.662] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0179.664] GetTickCount () returned 0x116d8e3 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] GetCurrentThreadId () returned 0x1130 [0179.664] malloc (_Size=0x64) returned 0x1d0520 [0179.664] free (_Block=0x1d0520) [0179.664] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xee8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0179.665] GetTickCount () returned 0x116d8e3 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] GetCurrentThreadId () returned 0x1130 [0179.665] malloc (_Size=0x64) returned 0x1d0520 [0179.666] free (_Block=0x1d0520) [0179.666] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0179.667] GetTickCount () returned 0x116d8e3 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] GetCurrentThreadId () returned 0x1130 [0179.667] malloc (_Size=0x64) returned 0x1d0520 [0179.667] free (_Block=0x1d0520) [0179.667] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0179.669] GetTickCount () returned 0x116d8f2 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] GetCurrentThreadId () returned 0x1130 [0179.669] malloc (_Size=0x64) returned 0x1d0520 [0179.669] free (_Block=0x1d0520) [0179.669] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0179.670] GetTickCount () returned 0x116d8f2 [0179.670] GetCurrentThreadId () returned 0x1130 [0179.670] GetCurrentThreadId () returned 0x1130 [0179.671] GetCurrentThreadId () returned 0x1130 [0179.671] GetCurrentThreadId () returned 0x1130 [0179.671] GetCurrentThreadId () returned 0x1130 [0179.671] GetCurrentThreadId () returned 0x1130 [0179.671] GetCurrentThreadId () returned 0x1130 [0179.671] malloc (_Size=0x64) returned 0x1d0520 [0179.671] free (_Block=0x1d0520) [0179.671] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0179.672] GetTickCount () returned 0x116d8f2 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.672] GetCurrentThreadId () returned 0x1130 [0179.673] GetCurrentThreadId () returned 0x1130 [0179.673] malloc (_Size=0x64) returned 0x1d0520 [0179.673] free (_Block=0x1d0520) [0179.673] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0179.674] GetTickCount () returned 0x116d8f2 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] GetCurrentThreadId () returned 0x1130 [0179.674] malloc (_Size=0x64) returned 0x1d0520 [0179.675] free (_Block=0x1d0520) [0179.675] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0179.676] GetTickCount () returned 0x116d8f2 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] GetCurrentThreadId () returned 0x1130 [0179.676] malloc (_Size=0x64) returned 0x1d0520 [0179.676] free (_Block=0x1d0520) [0179.676] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0179.678] GetTickCount () returned 0x116d8f2 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] GetCurrentThreadId () returned 0x1130 [0179.678] malloc (_Size=0x64) returned 0x1d0520 [0179.678] free (_Block=0x1d0520) [0179.678] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0179.680] GetTickCount () returned 0x116d8f2 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] GetCurrentThreadId () returned 0x1130 [0179.680] malloc (_Size=0x64) returned 0x1d0520 [0179.680] free (_Block=0x1d0520) [0179.680] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0179.682] GetTickCount () returned 0x116d8f2 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] GetCurrentThreadId () returned 0x1130 [0179.682] malloc (_Size=0x64) returned 0x1d0520 [0179.682] free (_Block=0x1d0520) [0179.682] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xff8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0179.684] GetTickCount () returned 0x116d902 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] GetCurrentThreadId () returned 0x1130 [0179.684] malloc (_Size=0x64) returned 0x1d0520 [0179.685] free (_Block=0x1d0520) [0179.685] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x764, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0179.686] GetTickCount () returned 0x116d902 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] GetCurrentThreadId () returned 0x1130 [0179.686] malloc (_Size=0x64) returned 0x1d0520 [0179.686] free (_Block=0x1d0520) [0179.686] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x368, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0179.689] GetTickCount () returned 0x116d902 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] GetCurrentThreadId () returned 0x1130 [0179.690] malloc (_Size=0x64) returned 0x1d0520 [0179.690] free (_Block=0x1d0520) [0179.690] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0179.692] GetTickCount () returned 0x116d902 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] GetCurrentThreadId () returned 0x1130 [0179.692] malloc (_Size=0x64) returned 0x1d0520 [0179.692] free (_Block=0x1d0520) [0179.692] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0179.693] GetTickCount () returned 0x116d902 [0179.693] GetCurrentThreadId () returned 0x1130 [0179.693] GetCurrentThreadId () returned 0x1130 [0179.693] GetCurrentThreadId () returned 0x1130 [0179.693] GetCurrentThreadId () returned 0x1130 [0179.694] GetCurrentThreadId () returned 0x1130 [0179.694] GetCurrentThreadId () returned 0x1130 [0179.694] GetCurrentThreadId () returned 0x1130 [0179.694] malloc (_Size=0x64) returned 0x1d0520 [0179.694] free (_Block=0x1d0520) [0179.694] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0179.695] GetTickCount () returned 0x116d902 [0179.695] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] GetCurrentThreadId () returned 0x1130 [0179.696] malloc (_Size=0x64) returned 0x1d0520 [0179.696] free (_Block=0x1d0520) [0179.696] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0179.697] GetTickCount () returned 0x116d902 [0179.697] GetCurrentThreadId () returned 0x1130 [0179.697] GetCurrentThreadId () returned 0x1130 [0179.697] GetCurrentThreadId () returned 0x1130 [0179.697] GetCurrentThreadId () returned 0x1130 [0179.698] GetCurrentThreadId () returned 0x1130 [0179.698] GetCurrentThreadId () returned 0x1130 [0179.698] GetCurrentThreadId () returned 0x1130 [0179.698] malloc (_Size=0x64) returned 0x1d0520 [0179.698] free (_Block=0x1d0520) [0179.698] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0179.699] GetTickCount () returned 0x116d902 [0179.699] GetCurrentThreadId () returned 0x1130 [0179.699] GetCurrentThreadId () returned 0x1130 [0179.699] GetCurrentThreadId () returned 0x1130 [0179.699] GetCurrentThreadId () returned 0x1130 [0179.699] GetCurrentThreadId () returned 0x1130 [0179.776] GetCurrentThreadId () returned 0x1130 [0179.776] GetCurrentThreadId () returned 0x1130 [0179.776] malloc (_Size=0x64) returned 0x1d0520 [0179.776] free (_Block=0x1d0520) [0179.777] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0179.778] GetTickCount () returned 0x116d960 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] GetCurrentThreadId () returned 0x1130 [0179.778] malloc (_Size=0x64) returned 0x1d0520 [0179.778] free (_Block=0x1d0520) [0179.778] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xeb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0179.781] GetTickCount () returned 0x116d960 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] GetCurrentThreadId () returned 0x1130 [0179.781] malloc (_Size=0x64) returned 0x1d0520 [0179.781] free (_Block=0x1d0520) [0179.781] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0179.783] GetTickCount () returned 0x116d960 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] GetCurrentThreadId () returned 0x1130 [0179.783] malloc (_Size=0x64) returned 0x1d0520 [0179.783] free (_Block=0x1d0520) [0179.783] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0179.785] GetTickCount () returned 0x116d960 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] GetCurrentThreadId () returned 0x1130 [0179.785] malloc (_Size=0x64) returned 0x1d0520 [0179.785] free (_Block=0x1d0520) [0179.785] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0179.787] GetTickCount () returned 0x116d960 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] GetCurrentThreadId () returned 0x1130 [0179.787] malloc (_Size=0x64) returned 0x1d0520 [0179.787] free (_Block=0x1d0520) [0179.787] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0179.788] GetTickCount () returned 0x116d960 [0179.788] GetCurrentThreadId () returned 0x1130 [0179.788] GetCurrentThreadId () returned 0x1130 [0179.788] GetCurrentThreadId () returned 0x1130 [0179.788] GetCurrentThreadId () returned 0x1130 [0179.789] GetCurrentThreadId () returned 0x1130 [0179.789] GetCurrentThreadId () returned 0x1130 [0179.789] GetCurrentThreadId () returned 0x1130 [0179.789] malloc (_Size=0x64) returned 0x1d0520 [0179.789] free (_Block=0x1d0520) [0179.789] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="soldiers_operation.exe")) returned 1 [0179.790] GetTickCount () returned 0x116d960 [0179.790] GetCurrentThreadId () returned 0x1130 [0179.790] GetCurrentThreadId () returned 0x1130 [0179.790] GetCurrentThreadId () returned 0x1130 [0179.790] GetCurrentThreadId () returned 0x1130 [0179.790] malloc (_Size=0x64) returned 0x1d0520 [0179.790] free (_Block=0x1d0520) [0179.791] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="andrea summit.exe")) returned 1 [0179.792] GetTickCount () returned 0x116d960 [0179.792] GetCurrentThreadId () returned 0x1130 [0179.792] malloc (_Size=0x64) returned 0x1d0520 [0179.793] free (_Block=0x1d0520) [0179.793] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1008, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="memo playing intl.exe")) returned 1 [0179.794] GetTickCount () returned 0x116d960 [0179.794] GetCurrentThreadId () returned 0x1130 [0179.794] malloc (_Size=0x64) returned 0x1d0520 [0179.794] free (_Block=0x1d0520) [0179.794] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x101c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bonds_chorus.exe")) returned 1 [0179.798] GetTickCount () returned 0x116d96f [0179.798] GetCurrentThreadId () returned 0x1130 [0179.798] malloc (_Size=0x64) returned 0x1d0520 [0179.798] free (_Block=0x1d0520) [0179.798] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.799] GetTickCount () returned 0x116d96f [0179.799] GetCurrentThreadId () returned 0x1130 [0179.799] malloc (_Size=0x64) returned 0x1d0520 [0179.800] free (_Block=0x1d0520) [0179.800] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.802] GetTickCount () returned 0x116d96f [0179.802] GetCurrentThreadId () returned 0x1130 [0179.802] malloc (_Size=0x64) returned 0x1d0520 [0179.802] free (_Block=0x1d0520) [0179.802] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1164, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0179.804] GetTickCount () returned 0x116d96f [0179.804] GetCurrentThreadId () returned 0x1130 [0179.804] malloc (_Size=0x64) returned 0x1d0520 [0179.804] free (_Block=0x1d0520) [0179.804] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0179.805] GetTickCount () returned 0x116d96f [0179.806] GetCurrentThreadId () returned 0x1130 [0179.806] malloc (_Size=0x64) returned 0x1d0520 [0179.806] free (_Block=0x1d0520) [0179.806] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x11fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0179.807] GetTickCount () returned 0x116d96f [0179.808] GetCurrentThreadId () returned 0x1130 [0179.808] malloc (_Size=0x64) returned 0x1d0520 [0179.808] free (_Block=0x1d0520) [0179.808] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x120c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0179.809] GetTickCount () returned 0x116d97f [0179.809] GetCurrentThreadId () returned 0x1130 [0179.809] malloc (_Size=0x64) returned 0x1d0520 [0179.810] free (_Block=0x1d0520) [0179.810] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x11fc, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0179.811] GetTickCount () returned 0x116d97f [0179.811] GetCurrentThreadId () returned 0x1130 [0179.811] malloc (_Size=0x64) returned 0x1d0520 [0179.811] free (_Block=0x1d0520) [0179.811] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="????? ????????? ?? 365 ????.exe")) returned 1 [0179.812] GetTickCount () returned 0x116d97f [0179.812] GetCurrentThreadId () returned 0x1130 [0179.813] malloc (_Size=0x64) returned 0x1d0520 [0179.813] free (_Block=0x1d0520) [0179.813] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1090, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0179.814] GetTickCount () returned 0x116d97f [0179.814] GetCurrentThreadId () returned 0x1130 [0179.814] malloc (_Size=0x64) returned 0x1d0520 [0179.814] free (_Block=0x1d0520) [0179.814] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0179.816] GetTickCount () returned 0x116d97f [0179.816] GetCurrentThreadId () returned 0x1130 [0179.816] malloc (_Size=0x64) returned 0x1d0520 [0179.816] free (_Block=0x1d0520) [0179.816] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x760, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0179.817] GetTickCount () returned 0x116d97f [0179.817] GetCurrentThreadId () returned 0x1130 [0179.818] malloc (_Size=0x64) returned 0x1d0520 [0179.818] free (_Block=0x1d0520) [0179.818] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1134, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1 [0179.819] GetTickCount () returned 0x116d97f [0179.819] GetCurrentThreadId () returned 0x1130 [0179.820] malloc (_Size=0x64) returned 0x1d0520 [0179.820] free (_Block=0x1d0520) [0179.820] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xa10, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0179.821] GetTickCount () returned 0x116d97f [0179.821] GetCurrentThreadId () returned 0x1130 [0179.821] malloc (_Size=0x64) returned 0x1d0520 [0179.821] free (_Block=0x1d0520) [0179.822] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xfb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0xa10, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0179.823] GetTickCount () returned 0x116d97f [0179.823] GetCurrentThreadId () returned 0x1130 [0179.823] malloc (_Size=0x64) returned 0x1d0520 [0179.823] free (_Block=0x1d0520) [0179.824] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0179.872] GetTickCount () returned 0x116d9be [0179.872] GetCurrentThreadId () returned 0x1130 [0179.872] malloc (_Size=0x64) returned 0x1d0520 [0179.873] free (_Block=0x1d0520) [0179.873] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xa8c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0179.874] GetTickCount () returned 0x116d9be [0179.874] GetCurrentThreadId () returned 0x1130 [0179.874] malloc (_Size=0x64) returned 0x1d0520 [0179.875] free (_Block=0x1d0520) [0179.875] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0179.876] GetTickCount () returned 0x116d9be [0179.876] GetCurrentThreadId () returned 0x1130 [0179.876] malloc (_Size=0x64) returned 0x1d0520 [0179.876] free (_Block=0x1d0520) [0179.876] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.878] GetTickCount () returned 0x116d9be [0179.878] GetCurrentThreadId () returned 0x1130 [0179.878] malloc (_Size=0x64) returned 0x1d0520 [0179.878] free (_Block=0x1d0520) [0179.878] Process32Next (in: hSnapshot=0x410, lppe=0x19fa0c | out: lppe=0x19fa0c*(dwSize=0x128, cntUsage=0x80, th32ProcessID=0x11, th32DefaultHeapID=0x3000003, th32ModuleID=0x1d0284, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=1900544, dwFlags=0xe, szExeFile="Wmp")) returned 0 [0179.879] GetTickCount () returned 0x116d9be [0179.879] Thread32First (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] GetCurrentThreadId () returned 0x1130 [0179.881] malloc (_Size=0x64) returned 0x1d0520 [0179.881] free (_Block=0x1d0520) [0179.881] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.883] GetTickCount () returned 0x116d9be [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] GetCurrentThreadId () returned 0x1130 [0179.883] malloc (_Size=0x64) returned 0x1d0520 [0179.884] free (_Block=0x1d0520) [0179.884] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.885] GetTickCount () returned 0x116d9be [0179.885] GetCurrentThreadId () returned 0x1130 [0179.885] GetCurrentThreadId () returned 0x1130 [0179.885] GetCurrentThreadId () returned 0x1130 [0179.886] GetCurrentThreadId () returned 0x1130 [0179.886] GetCurrentThreadId () returned 0x1130 [0179.886] GetCurrentThreadId () returned 0x1130 [0179.886] GetCurrentThreadId () returned 0x1130 [0179.886] malloc (_Size=0x64) returned 0x1d0520 [0179.886] free (_Block=0x1d0520) [0179.886] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.891] GetTickCount () returned 0x116d9cd [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.892] GetCurrentThreadId () returned 0x1130 [0179.893] malloc (_Size=0x64) returned 0x1d0520 [0179.893] free (_Block=0x1d0520) [0179.893] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.894] GetTickCount () returned 0x116d9cd [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] GetCurrentThreadId () returned 0x1130 [0179.894] malloc (_Size=0x64) returned 0x1d0520 [0179.894] free (_Block=0x1d0520) [0179.894] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.896] GetTickCount () returned 0x116d9cd [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] GetCurrentThreadId () returned 0x1130 [0179.896] malloc (_Size=0x64) returned 0x1d0520 [0179.896] free (_Block=0x1d0520) [0179.896] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.897] GetTickCount () returned 0x116d9cd [0179.897] GetCurrentThreadId () returned 0x1130 [0179.897] GetCurrentThreadId () returned 0x1130 [0179.897] GetCurrentThreadId () returned 0x1130 [0179.897] GetCurrentThreadId () returned 0x1130 [0179.897] GetCurrentThreadId () returned 0x1130 [0179.897] GetCurrentThreadId () returned 0x1130 [0179.898] GetCurrentThreadId () returned 0x1130 [0179.898] malloc (_Size=0x64) returned 0x1d0520 [0179.898] free (_Block=0x1d0520) [0179.898] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.899] GetTickCount () returned 0x116d9cd [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] GetCurrentThreadId () returned 0x1130 [0179.899] malloc (_Size=0x64) returned 0x1d0520 [0179.899] free (_Block=0x1d0520) [0179.899] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.901] GetTickCount () returned 0x116d9cd [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] GetCurrentThreadId () returned 0x1130 [0179.901] malloc (_Size=0x64) returned 0x1d0520 [0179.901] free (_Block=0x1d0520) [0179.901] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.902] GetTickCount () returned 0x116d9dd [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.902] GetCurrentThreadId () returned 0x1130 [0179.903] malloc (_Size=0x64) returned 0x1d0520 [0179.903] free (_Block=0x1d0520) [0179.903] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.904] GetTickCount () returned 0x116d9dd [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] GetCurrentThreadId () returned 0x1130 [0179.904] malloc (_Size=0x64) returned 0x1d0520 [0179.904] free (_Block=0x1d0520) [0179.904] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.906] GetTickCount () returned 0x116d9dd [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] GetCurrentThreadId () returned 0x1130 [0179.906] malloc (_Size=0x64) returned 0x1d0520 [0179.906] free (_Block=0x1d0520) [0179.906] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.907] GetTickCount () returned 0x116d9dd [0179.907] GetCurrentThreadId () returned 0x1130 [0179.907] GetCurrentThreadId () returned 0x1130 [0179.907] GetCurrentThreadId () returned 0x1130 [0179.907] GetCurrentThreadId () returned 0x1130 [0179.908] GetCurrentThreadId () returned 0x1130 [0179.908] GetCurrentThreadId () returned 0x1130 [0179.908] GetCurrentThreadId () returned 0x1130 [0179.908] malloc (_Size=0x64) returned 0x1d0520 [0179.908] free (_Block=0x1d0520) [0179.908] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.909] GetTickCount () returned 0x116d9dd [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] GetCurrentThreadId () returned 0x1130 [0179.909] malloc (_Size=0x64) returned 0x1d0520 [0179.909] free (_Block=0x1d0520) [0179.909] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.912] GetTickCount () returned 0x116d9dd [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] GetCurrentThreadId () returned 0x1130 [0179.912] malloc (_Size=0x64) returned 0x1d0520 [0179.912] free (_Block=0x1d0520) [0179.912] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.914] GetTickCount () returned 0x116d9dd [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] GetCurrentThreadId () returned 0x1130 [0179.914] malloc (_Size=0x64) returned 0x1d0520 [0179.914] free (_Block=0x1d0520) [0179.914] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.916] GetTickCount () returned 0x116d9dd [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] GetCurrentThreadId () returned 0x1130 [0179.916] malloc (_Size=0x64) returned 0x1d0520 [0179.917] free (_Block=0x1d0520) [0179.917] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.965] GetTickCount () returned 0x116da1b [0179.965] GetCurrentThreadId () returned 0x1130 [0179.965] GetCurrentThreadId () returned 0x1130 [0179.966] GetCurrentThreadId () returned 0x1130 [0179.966] GetCurrentThreadId () returned 0x1130 [0179.966] GetCurrentThreadId () returned 0x1130 [0179.966] GetCurrentThreadId () returned 0x1130 [0179.966] GetCurrentThreadId () returned 0x1130 [0179.966] malloc (_Size=0x64) returned 0x1d0520 [0179.966] free (_Block=0x1d0520) [0179.966] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.967] GetTickCount () returned 0x116da1b [0179.967] GetCurrentThreadId () returned 0x1130 [0179.967] GetCurrentThreadId () returned 0x1130 [0179.967] GetCurrentThreadId () returned 0x1130 [0179.967] GetCurrentThreadId () returned 0x1130 [0179.968] GetCurrentThreadId () returned 0x1130 [0179.968] GetCurrentThreadId () returned 0x1130 [0179.968] GetCurrentThreadId () returned 0x1130 [0179.968] malloc (_Size=0x64) returned 0x1d0520 [0179.968] free (_Block=0x1d0520) [0179.968] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.969] GetTickCount () returned 0x116da1b [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] GetCurrentThreadId () returned 0x1130 [0179.969] malloc (_Size=0x64) returned 0x1d0520 [0179.969] free (_Block=0x1d0520) [0179.969] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.970] GetTickCount () returned 0x116da1b [0179.970] GetCurrentThreadId () returned 0x1130 [0179.970] GetCurrentThreadId () returned 0x1130 [0179.970] GetCurrentThreadId () returned 0x1130 [0179.970] GetCurrentThreadId () returned 0x1130 [0179.971] GetCurrentThreadId () returned 0x1130 [0179.971] GetCurrentThreadId () returned 0x1130 [0179.971] GetCurrentThreadId () returned 0x1130 [0179.971] malloc (_Size=0x64) returned 0x1d0520 [0179.971] free (_Block=0x1d0520) [0179.971] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.972] GetTickCount () returned 0x116da1b [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] GetCurrentThreadId () returned 0x1130 [0179.972] malloc (_Size=0x64) returned 0x1d0520 [0179.972] free (_Block=0x1d0520) [0179.972] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.973] GetTickCount () returned 0x116da1b [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] GetCurrentThreadId () returned 0x1130 [0179.973] malloc (_Size=0x64) returned 0x1d0520 [0179.973] free (_Block=0x1d0520) [0179.973] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.974] GetTickCount () returned 0x116da1b [0179.974] GetCurrentThreadId () returned 0x1130 [0179.974] GetCurrentThreadId () returned 0x1130 [0179.974] GetCurrentThreadId () returned 0x1130 [0179.974] GetCurrentThreadId () returned 0x1130 [0179.975] GetCurrentThreadId () returned 0x1130 [0179.975] GetCurrentThreadId () returned 0x1130 [0179.975] GetCurrentThreadId () returned 0x1130 [0179.975] malloc (_Size=0x64) returned 0x1d0520 [0179.975] free (_Block=0x1d0520) [0179.975] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.976] GetTickCount () returned 0x116da1b [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] GetCurrentThreadId () returned 0x1130 [0179.976] malloc (_Size=0x64) returned 0x1d0520 [0179.976] free (_Block=0x1d0520) [0179.976] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.977] GetTickCount () returned 0x116da1b [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] GetCurrentThreadId () returned 0x1130 [0179.977] malloc (_Size=0x64) returned 0x1d0520 [0179.977] free (_Block=0x1d0520) [0179.977] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.978] GetTickCount () returned 0x116da1b [0179.978] GetCurrentThreadId () returned 0x1130 [0179.978] GetCurrentThreadId () returned 0x1130 [0179.979] GetCurrentThreadId () returned 0x1130 [0179.979] GetCurrentThreadId () returned 0x1130 [0179.979] GetCurrentThreadId () returned 0x1130 [0179.979] GetCurrentThreadId () returned 0x1130 [0179.979] GetCurrentThreadId () returned 0x1130 [0179.979] malloc (_Size=0x64) returned 0x1d0520 [0179.979] free (_Block=0x1d0520) [0179.979] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.980] GetTickCount () returned 0x116da1b [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] GetCurrentThreadId () returned 0x1130 [0179.980] malloc (_Size=0x64) returned 0x1d0520 [0179.980] free (_Block=0x1d0520) [0179.980] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.982] GetTickCount () returned 0x116da2b [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] GetCurrentThreadId () returned 0x1130 [0179.982] malloc (_Size=0x64) returned 0x1d0520 [0179.983] free (_Block=0x1d0520) [0179.983] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.984] GetTickCount () returned 0x116da2b [0179.984] GetCurrentThreadId () returned 0x1130 [0179.984] GetCurrentThreadId () returned 0x1130 [0179.985] GetCurrentThreadId () returned 0x1130 [0179.985] GetCurrentThreadId () returned 0x1130 [0179.985] GetCurrentThreadId () returned 0x1130 [0179.985] GetCurrentThreadId () returned 0x1130 [0179.985] GetCurrentThreadId () returned 0x1130 [0179.985] malloc (_Size=0x64) returned 0x1d0520 [0179.985] free (_Block=0x1d0520) [0179.985] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.986] GetTickCount () returned 0x116da2b [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] GetCurrentThreadId () returned 0x1130 [0179.986] malloc (_Size=0x64) returned 0x1d0520 [0179.986] free (_Block=0x1d0520) [0179.986] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.987] GetTickCount () returned 0x116da2b [0179.987] GetCurrentThreadId () returned 0x1130 [0179.987] GetCurrentThreadId () returned 0x1130 [0179.987] GetCurrentThreadId () returned 0x1130 [0179.988] GetCurrentThreadId () returned 0x1130 [0179.988] GetCurrentThreadId () returned 0x1130 [0179.988] GetCurrentThreadId () returned 0x1130 [0179.988] GetCurrentThreadId () returned 0x1130 [0179.988] malloc (_Size=0x64) returned 0x1d0520 [0179.988] free (_Block=0x1d0520) [0179.988] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.989] GetTickCount () returned 0x116da2b [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] GetCurrentThreadId () returned 0x1130 [0179.989] malloc (_Size=0x64) returned 0x1d0520 [0179.989] free (_Block=0x1d0520) [0179.989] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.990] GetTickCount () returned 0x116da2b [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] GetCurrentThreadId () returned 0x1130 [0179.990] malloc (_Size=0x64) returned 0x1d0520 [0179.991] free (_Block=0x1d0520) [0179.991] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.992] GetTickCount () returned 0x116da2b [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] GetCurrentThreadId () returned 0x1130 [0179.992] malloc (_Size=0x64) returned 0x1d0520 [0179.992] free (_Block=0x1d0520) [0179.992] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.993] GetTickCount () returned 0x116da2b [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] GetCurrentThreadId () returned 0x1130 [0179.993] malloc (_Size=0x64) returned 0x1d0520 [0179.993] free (_Block=0x1d0520) [0179.993] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.994] GetTickCount () returned 0x116da2b [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] GetCurrentThreadId () returned 0x1130 [0179.994] malloc (_Size=0x64) returned 0x1d0520 [0179.995] free (_Block=0x1d0520) [0179.995] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.996] GetTickCount () returned 0x116da3b [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] GetCurrentThreadId () returned 0x1130 [0179.996] malloc (_Size=0x64) returned 0x1d0520 [0179.996] free (_Block=0x1d0520) [0179.996] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.997] GetTickCount () returned 0x116da3b [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] GetCurrentThreadId () returned 0x1130 [0179.997] malloc (_Size=0x64) returned 0x1d0520 [0179.997] free (_Block=0x1d0520) [0179.997] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0179.998] GetTickCount () returned 0x116da3b [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.998] GetCurrentThreadId () returned 0x1130 [0179.999] malloc (_Size=0x64) returned 0x1d0520 [0179.999] free (_Block=0x1d0520) [0179.999] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.000] GetTickCount () returned 0x116da3b [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] GetCurrentThreadId () returned 0x1130 [0180.000] malloc (_Size=0x64) returned 0x1d0520 [0180.000] free (_Block=0x1d0520) [0180.000] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.001] GetTickCount () returned 0x116da3b [0180.001] GetCurrentThreadId () returned 0x1130 [0180.001] GetCurrentThreadId () returned 0x1130 [0180.001] GetCurrentThreadId () returned 0x1130 [0180.001] GetCurrentThreadId () returned 0x1130 [0180.001] malloc (_Size=0x64) returned 0x1d0520 [0180.002] free (_Block=0x1d0520) [0180.002] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.003] GetTickCount () returned 0x116da3b [0180.003] GetCurrentThreadId () returned 0x1130 [0180.003] malloc (_Size=0x64) returned 0x1d0520 [0180.003] free (_Block=0x1d0520) [0180.003] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.005] GetTickCount () returned 0x116da3b [0180.005] GetCurrentThreadId () returned 0x1130 [0180.005] malloc (_Size=0x64) returned 0x1d0520 [0180.005] free (_Block=0x1d0520) [0180.005] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.006] GetTickCount () returned 0x116da3b [0180.006] GetCurrentThreadId () returned 0x1130 [0180.007] malloc (_Size=0x64) returned 0x1d0520 [0180.007] free (_Block=0x1d0520) [0180.007] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.008] GetTickCount () returned 0x116da3b [0180.008] GetCurrentThreadId () returned 0x1130 [0180.008] malloc (_Size=0x64) returned 0x1d0520 [0180.008] free (_Block=0x1d0520) [0180.008] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.010] GetTickCount () returned 0x116da3b [0180.010] GetCurrentThreadId () returned 0x1130 [0180.010] malloc (_Size=0x64) returned 0x1d0520 [0180.010] free (_Block=0x1d0520) [0180.010] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.011] GetTickCount () returned 0x116da3b [0180.011] GetCurrentThreadId () returned 0x1130 [0180.106] malloc (_Size=0x64) returned 0x1d0520 [0180.106] free (_Block=0x1d0520) [0180.106] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.108] GetTickCount () returned 0x116daa8 [0180.108] GetCurrentThreadId () returned 0x1130 [0180.108] malloc (_Size=0x64) returned 0x1d0520 [0180.108] free (_Block=0x1d0520) [0180.108] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.109] GetTickCount () returned 0x116daa8 [0180.109] GetCurrentThreadId () returned 0x1130 [0180.109] malloc (_Size=0x64) returned 0x1d0520 [0180.109] free (_Block=0x1d0520) [0180.109] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.110] GetTickCount () returned 0x116daa8 [0180.110] GetCurrentThreadId () returned 0x1130 [0180.110] malloc (_Size=0x64) returned 0x1d0520 [0180.110] free (_Block=0x1d0520) [0180.111] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.112] GetTickCount () returned 0x116daa8 [0180.112] GetCurrentThreadId () returned 0x1130 [0180.112] malloc (_Size=0x64) returned 0x1d0520 [0180.112] free (_Block=0x1d0520) [0180.112] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.113] GetTickCount () returned 0x116daa8 [0180.113] GetCurrentThreadId () returned 0x1130 [0180.113] malloc (_Size=0x64) returned 0x1d0520 [0180.113] free (_Block=0x1d0520) [0180.114] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.115] GetTickCount () returned 0x116daa8 [0180.115] GetCurrentThreadId () returned 0x1130 [0180.115] malloc (_Size=0x64) returned 0x1d0520 [0180.115] free (_Block=0x1d0520) [0180.115] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.116] GetTickCount () returned 0x116daa8 [0180.116] GetCurrentThreadId () returned 0x1130 [0180.116] malloc (_Size=0x64) returned 0x1d0520 [0180.116] free (_Block=0x1d0520) [0180.117] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.118] GetTickCount () returned 0x116daa8 [0180.118] GetCurrentThreadId () returned 0x1130 [0180.118] malloc (_Size=0x64) returned 0x1d0520 [0180.118] free (_Block=0x1d0520) [0180.118] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.119] GetTickCount () returned 0x116daa8 [0180.119] GetCurrentThreadId () returned 0x1130 [0180.119] malloc (_Size=0x64) returned 0x1d0520 [0180.119] free (_Block=0x1d0520) [0180.119] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.121] GetTickCount () returned 0x116dab8 [0180.121] GetCurrentThreadId () returned 0x1130 [0180.121] malloc (_Size=0x64) returned 0x1d0520 [0180.121] free (_Block=0x1d0520) [0180.121] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.122] GetTickCount () returned 0x116dab8 [0180.123] GetCurrentThreadId () returned 0x1130 [0180.123] malloc (_Size=0x64) returned 0x1d0520 [0180.123] free (_Block=0x1d0520) [0180.123] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.124] GetTickCount () returned 0x116dab8 [0180.124] GetCurrentThreadId () returned 0x1130 [0180.124] malloc (_Size=0x64) returned 0x1d0520 [0180.125] free (_Block=0x1d0520) [0180.125] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.126] GetTickCount () returned 0x116dab8 [0180.126] GetCurrentThreadId () returned 0x1130 [0180.126] malloc (_Size=0x64) returned 0x1d0520 [0180.126] free (_Block=0x1d0520) [0180.126] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.127] GetTickCount () returned 0x116dab8 [0180.127] GetCurrentThreadId () returned 0x1130 [0180.128] malloc (_Size=0x64) returned 0x1d0520 [0180.128] free (_Block=0x1d0520) [0180.128] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.129] GetTickCount () returned 0x116dab8 [0180.129] GetCurrentThreadId () returned 0x1130 [0180.129] malloc (_Size=0x64) returned 0x1d0520 [0180.129] free (_Block=0x1d0520) [0180.130] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.131] GetTickCount () returned 0x116dab8 [0180.131] GetCurrentThreadId () returned 0x1130 [0180.131] malloc (_Size=0x64) returned 0x1d0520 [0180.131] free (_Block=0x1d0520) [0180.131] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.133] GetTickCount () returned 0x116dab8 [0180.133] GetCurrentThreadId () returned 0x1130 [0180.133] malloc (_Size=0x64) returned 0x1d0520 [0180.133] free (_Block=0x1d0520) [0180.133] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.135] GetTickCount () returned 0x116dab8 [0180.135] GetCurrentThreadId () returned 0x1130 [0180.135] malloc (_Size=0x64) returned 0x1d0520 [0180.135] free (_Block=0x1d0520) [0180.135] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.137] GetTickCount () returned 0x116dac7 [0180.137] GetCurrentThreadId () returned 0x1130 [0180.137] malloc (_Size=0x64) returned 0x1d0520 [0180.137] free (_Block=0x1d0520) [0180.137] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.138] GetTickCount () returned 0x116dac7 [0180.139] GetCurrentThreadId () returned 0x1130 [0180.139] malloc (_Size=0x64) returned 0x1d0520 [0180.139] free (_Block=0x1d0520) [0180.139] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.140] GetTickCount () returned 0x116dac7 [0180.140] GetCurrentThreadId () returned 0x1130 [0180.140] malloc (_Size=0x64) returned 0x1d0520 [0180.141] free (_Block=0x1d0520) [0180.141] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.142] GetTickCount () returned 0x116dac7 [0180.142] GetCurrentThreadId () returned 0x1130 [0180.142] malloc (_Size=0x64) returned 0x1d0520 [0180.142] free (_Block=0x1d0520) [0180.142] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.144] GetTickCount () returned 0x116dac7 [0180.144] GetCurrentThreadId () returned 0x1130 [0180.144] malloc (_Size=0x64) returned 0x1d0520 [0180.144] free (_Block=0x1d0520) [0180.144] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.146] GetTickCount () returned 0x116dac7 [0180.146] GetCurrentThreadId () returned 0x1130 [0180.146] malloc (_Size=0x64) returned 0x1d0520 [0180.146] free (_Block=0x1d0520) [0180.146] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.148] GetTickCount () returned 0x116dac7 [0180.148] GetCurrentThreadId () returned 0x1130 [0180.148] malloc (_Size=0x64) returned 0x1d0520 [0180.148] free (_Block=0x1d0520) [0180.148] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.149] GetTickCount () returned 0x116dac7 [0180.149] GetCurrentThreadId () returned 0x1130 [0180.149] malloc (_Size=0x64) returned 0x1d0520 [0180.149] free (_Block=0x1d0520) [0180.149] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.151] GetTickCount () returned 0x116dac7 [0180.151] GetCurrentThreadId () returned 0x1130 [0180.151] malloc (_Size=0x64) returned 0x1d0520 [0180.151] free (_Block=0x1d0520) [0180.151] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.201] GetTickCount () returned 0x116db06 [0180.201] GetCurrentThreadId () returned 0x1130 [0180.201] malloc (_Size=0x64) returned 0x1d0520 [0180.202] free (_Block=0x1d0520) [0180.202] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.203] GetTickCount () returned 0x116db06 [0180.203] GetCurrentThreadId () returned 0x1130 [0180.203] malloc (_Size=0x64) returned 0x1d0520 [0180.203] free (_Block=0x1d0520) [0180.203] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.205] GetTickCount () returned 0x116db06 [0180.205] GetCurrentThreadId () returned 0x1130 [0180.205] malloc (_Size=0x64) returned 0x1d0520 [0180.205] free (_Block=0x1d0520) [0180.205] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.207] GetTickCount () returned 0x116db06 [0180.207] GetCurrentThreadId () returned 0x1130 [0180.207] malloc (_Size=0x64) returned 0x1d0520 [0180.207] free (_Block=0x1d0520) [0180.207] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.208] GetTickCount () returned 0x116db06 [0180.208] GetCurrentThreadId () returned 0x1130 [0180.208] malloc (_Size=0x64) returned 0x1d0520 [0180.208] free (_Block=0x1d0520) [0180.208] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.210] GetTickCount () returned 0x116db06 [0180.210] GetCurrentThreadId () returned 0x1130 [0180.210] malloc (_Size=0x64) returned 0x1d0520 [0180.210] free (_Block=0x1d0520) [0180.210] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.211] GetTickCount () returned 0x116db06 [0180.211] GetCurrentThreadId () returned 0x1130 [0180.211] malloc (_Size=0x64) returned 0x1d0520 [0180.211] free (_Block=0x1d0520) [0180.212] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.213] GetTickCount () returned 0x116db06 [0180.213] GetCurrentThreadId () returned 0x1130 [0180.213] malloc (_Size=0x64) returned 0x1d0520 [0180.213] free (_Block=0x1d0520) [0180.213] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.214] GetTickCount () returned 0x116db06 [0180.214] GetCurrentThreadId () returned 0x1130 [0180.214] malloc (_Size=0x64) returned 0x1d0520 [0180.214] free (_Block=0x1d0520) [0180.214] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.216] GetTickCount () returned 0x116db15 [0180.216] GetCurrentThreadId () returned 0x1130 [0180.216] malloc (_Size=0x64) returned 0x1d0520 [0180.216] free (_Block=0x1d0520) [0180.216] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.217] GetTickCount () returned 0x116db15 [0180.218] GetCurrentThreadId () returned 0x1130 [0180.218] malloc (_Size=0x64) returned 0x1d0520 [0180.218] free (_Block=0x1d0520) [0180.218] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.219] GetTickCount () returned 0x116db15 [0180.219] GetCurrentThreadId () returned 0x1130 [0180.219] malloc (_Size=0x64) returned 0x1d0520 [0180.219] free (_Block=0x1d0520) [0180.219] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.220] GetTickCount () returned 0x116db15 [0180.220] GetCurrentThreadId () returned 0x1130 [0180.221] malloc (_Size=0x64) returned 0x1d0520 [0180.221] free (_Block=0x1d0520) [0180.221] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.222] GetTickCount () returned 0x116db15 [0180.222] GetCurrentThreadId () returned 0x1130 [0180.222] malloc (_Size=0x64) returned 0x1d0520 [0180.222] free (_Block=0x1d0520) [0180.222] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.223] GetTickCount () returned 0x116db15 [0180.223] GetCurrentThreadId () returned 0x1130 [0180.223] malloc (_Size=0x64) returned 0x1d0520 [0180.224] free (_Block=0x1d0520) [0180.224] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.225] GetTickCount () returned 0x116db15 [0180.225] GetCurrentThreadId () returned 0x1130 [0180.225] malloc (_Size=0x64) returned 0x1d0520 [0180.225] free (_Block=0x1d0520) [0180.225] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.227] GetTickCount () returned 0x116db15 [0180.227] GetCurrentThreadId () returned 0x1130 [0180.227] malloc (_Size=0x64) returned 0x1d0520 [0180.227] free (_Block=0x1d0520) [0180.227] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.228] GetTickCount () returned 0x116db15 [0180.228] GetCurrentThreadId () returned 0x1130 [0180.229] malloc (_Size=0x64) returned 0x1d0520 [0180.229] free (_Block=0x1d0520) [0180.229] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.230] GetTickCount () returned 0x116db25 [0180.230] GetCurrentThreadId () returned 0x1130 [0180.230] malloc (_Size=0x64) returned 0x1d0520 [0180.230] free (_Block=0x1d0520) [0180.230] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.231] GetTickCount () returned 0x116db25 [0180.231] GetCurrentThreadId () returned 0x1130 [0180.231] malloc (_Size=0x64) returned 0x1d0520 [0180.232] free (_Block=0x1d0520) [0180.232] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.233] GetTickCount () returned 0x116db25 [0180.233] GetCurrentThreadId () returned 0x1130 [0180.233] malloc (_Size=0x64) returned 0x1d0520 [0180.234] free (_Block=0x1d0520) [0180.234] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.235] GetTickCount () returned 0x116db25 [0180.235] GetCurrentThreadId () returned 0x1130 [0180.236] malloc (_Size=0x64) returned 0x1d0520 [0180.236] free (_Block=0x1d0520) [0180.236] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.238] GetTickCount () returned 0x116db25 [0180.238] GetCurrentThreadId () returned 0x1130 [0180.238] malloc (_Size=0x64) returned 0x1d0520 [0180.238] free (_Block=0x1d0520) [0180.238] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.240] GetTickCount () returned 0x116db25 [0180.240] GetCurrentThreadId () returned 0x1130 [0180.240] malloc (_Size=0x64) returned 0x1d0520 [0180.240] free (_Block=0x1d0520) [0180.240] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.242] GetTickCount () returned 0x116db25 [0180.242] GetCurrentThreadId () returned 0x1130 [0180.242] malloc (_Size=0x64) returned 0x1d0520 [0180.242] free (_Block=0x1d0520) [0180.242] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.243] GetTickCount () returned 0x116db25 [0180.243] GetCurrentThreadId () returned 0x1130 [0180.244] malloc (_Size=0x64) returned 0x1d0520 [0180.244] free (_Block=0x1d0520) [0180.244] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.245] GetTickCount () returned 0x116db25 [0180.245] GetCurrentThreadId () returned 0x1130 [0180.245] malloc (_Size=0x64) returned 0x1d0520 [0180.245] free (_Block=0x1d0520) [0180.245] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.293] GetTickCount () returned 0x116db63 [0180.293] GetCurrentThreadId () returned 0x1130 [0180.293] malloc (_Size=0x64) returned 0x1d0520 [0180.293] free (_Block=0x1d0520) [0180.293] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.294] GetTickCount () returned 0x116db63 [0180.294] GetCurrentThreadId () returned 0x1130 [0180.294] malloc (_Size=0x64) returned 0x1d0520 [0180.294] free (_Block=0x1d0520) [0180.295] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.296] GetTickCount () returned 0x116db63 [0180.296] GetCurrentThreadId () returned 0x1130 [0180.296] malloc (_Size=0x64) returned 0x1d0520 [0180.296] free (_Block=0x1d0520) [0180.296] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.297] GetTickCount () returned 0x116db63 [0180.297] GetCurrentThreadId () returned 0x1130 [0180.297] malloc (_Size=0x64) returned 0x1d0520 [0180.297] free (_Block=0x1d0520) [0180.297] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.298] GetTickCount () returned 0x116db63 [0180.298] GetCurrentThreadId () returned 0x1130 [0180.298] malloc (_Size=0x64) returned 0x1d0520 [0180.299] free (_Block=0x1d0520) [0180.299] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.300] GetTickCount () returned 0x116db63 [0180.300] GetCurrentThreadId () returned 0x1130 [0180.300] malloc (_Size=0x64) returned 0x1d0520 [0180.300] free (_Block=0x1d0520) [0180.300] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.301] GetTickCount () returned 0x116db63 [0180.301] GetCurrentThreadId () returned 0x1130 [0180.301] malloc (_Size=0x64) returned 0x1d0520 [0180.301] free (_Block=0x1d0520) [0180.301] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.302] GetTickCount () returned 0x116db63 [0180.302] GetCurrentThreadId () returned 0x1130 [0180.303] malloc (_Size=0x64) returned 0x1d0520 [0180.303] free (_Block=0x1d0520) [0180.303] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.304] GetTickCount () returned 0x116db63 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] GetCurrentThreadId () returned 0x1130 [0180.304] malloc (_Size=0x64) returned 0x1d0520 [0180.305] free (_Block=0x1d0520) [0180.305] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.305] GetTickCount () returned 0x116db63 [0180.305] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] GetCurrentThreadId () returned 0x1130 [0180.306] malloc (_Size=0x64) returned 0x1d0520 [0180.306] free (_Block=0x1d0520) [0180.306] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.307] GetTickCount () returned 0x116db63 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] GetCurrentThreadId () returned 0x1130 [0180.307] malloc (_Size=0x64) returned 0x1d0520 [0180.307] free (_Block=0x1d0520) [0180.307] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.308] GetTickCount () returned 0x116db63 [0180.308] GetCurrentThreadId () returned 0x1130 [0180.308] GetCurrentThreadId () returned 0x1130 [0180.310] GetCurrentThreadId () returned 0x1130 [0180.310] GetCurrentThreadId () returned 0x1130 [0180.310] GetCurrentThreadId () returned 0x1130 [0180.310] GetCurrentThreadId () returned 0x1130 [0180.310] GetCurrentThreadId () returned 0x1130 [0180.310] malloc (_Size=0x64) returned 0x1d0520 [0180.310] free (_Block=0x1d0520) [0180.310] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.311] GetTickCount () returned 0x116db73 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] GetCurrentThreadId () returned 0x1130 [0180.311] malloc (_Size=0x64) returned 0x1d0520 [0180.312] free (_Block=0x1d0520) [0180.312] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.313] GetTickCount () returned 0x116db73 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] GetCurrentThreadId () returned 0x1130 [0180.313] malloc (_Size=0x64) returned 0x1d0520 [0180.313] free (_Block=0x1d0520) [0180.313] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.314] GetTickCount () returned 0x116db73 [0180.314] GetCurrentThreadId () returned 0x1130 [0180.314] GetCurrentThreadId () returned 0x1130 [0180.314] GetCurrentThreadId () returned 0x1130 [0180.314] GetCurrentThreadId () returned 0x1130 [0180.315] GetCurrentThreadId () returned 0x1130 [0180.315] GetCurrentThreadId () returned 0x1130 [0180.315] GetCurrentThreadId () returned 0x1130 [0180.315] malloc (_Size=0x64) returned 0x1d0520 [0180.315] free (_Block=0x1d0520) [0180.315] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.316] GetTickCount () returned 0x116db73 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] GetCurrentThreadId () returned 0x1130 [0180.316] malloc (_Size=0x64) returned 0x1d0520 [0180.316] free (_Block=0x1d0520) [0180.317] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.318] GetTickCount () returned 0x116db73 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] GetCurrentThreadId () returned 0x1130 [0180.318] malloc (_Size=0x64) returned 0x1d0520 [0180.318] free (_Block=0x1d0520) [0180.318] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.320] GetTickCount () returned 0x116db73 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] GetCurrentThreadId () returned 0x1130 [0180.320] malloc (_Size=0x64) returned 0x1d0520 [0180.321] free (_Block=0x1d0520) [0180.321] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.322] GetTickCount () returned 0x116db73 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.322] GetCurrentThreadId () returned 0x1130 [0180.323] malloc (_Size=0x64) returned 0x1d0520 [0180.323] free (_Block=0x1d0520) [0180.323] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.324] GetTickCount () returned 0x116db83 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.324] GetCurrentThreadId () returned 0x1130 [0180.325] GetCurrentThreadId () returned 0x1130 [0180.325] malloc (_Size=0x64) returned 0x1d0520 [0180.325] free (_Block=0x1d0520) [0180.325] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.326] GetTickCount () returned 0x116db83 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.326] GetCurrentThreadId () returned 0x1130 [0180.327] malloc (_Size=0x64) returned 0x1d0520 [0180.327] free (_Block=0x1d0520) [0180.327] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.328] GetTickCount () returned 0x116db83 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] GetCurrentThreadId () returned 0x1130 [0180.328] malloc (_Size=0x64) returned 0x1d0520 [0180.328] free (_Block=0x1d0520) [0180.328] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.329] GetTickCount () returned 0x116db83 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] GetCurrentThreadId () returned 0x1130 [0180.329] malloc (_Size=0x64) returned 0x1d0520 [0180.330] free (_Block=0x1d0520) [0180.330] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.331] GetTickCount () returned 0x116db83 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] GetCurrentThreadId () returned 0x1130 [0180.331] malloc (_Size=0x64) returned 0x1d0520 [0180.331] free (_Block=0x1d0520) [0180.331] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.332] GetTickCount () returned 0x116db83 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] GetCurrentThreadId () returned 0x1130 [0180.332] malloc (_Size=0x64) returned 0x1d0520 [0180.332] free (_Block=0x1d0520) [0180.332] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.333] GetTickCount () returned 0x116db83 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] GetCurrentThreadId () returned 0x1130 [0180.333] malloc (_Size=0x64) returned 0x1d0520 [0180.333] free (_Block=0x1d0520) [0180.333] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.334] GetTickCount () returned 0x116db83 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] GetCurrentThreadId () returned 0x1130 [0180.334] malloc (_Size=0x64) returned 0x1d0520 [0180.334] free (_Block=0x1d0520) [0180.334] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.335] GetTickCount () returned 0x116db83 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.335] GetCurrentThreadId () returned 0x1130 [0180.336] malloc (_Size=0x64) returned 0x1d0520 [0180.336] free (_Block=0x1d0520) [0180.336] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.337] GetTickCount () returned 0x116db83 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] GetCurrentThreadId () returned 0x1130 [0180.337] malloc (_Size=0x64) returned 0x1d0520 [0180.337] free (_Block=0x1d0520) [0180.338] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.338] GetTickCount () returned 0x116db83 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] GetCurrentThreadId () returned 0x1130 [0180.339] malloc (_Size=0x64) returned 0x1d0520 [0180.339] free (_Block=0x1d0520) [0180.339] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.378] GetTickCount () returned 0x116dbb2 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.378] GetCurrentThreadId () returned 0x1130 [0180.379] malloc (_Size=0x64) returned 0x1d0520 [0180.379] free (_Block=0x1d0520) [0180.379] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.380] GetTickCount () returned 0x116dbb2 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] GetCurrentThreadId () returned 0x1130 [0180.380] malloc (_Size=0x64) returned 0x1d0520 [0180.380] free (_Block=0x1d0520) [0180.380] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.381] GetTickCount () returned 0x116dbb2 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] GetCurrentThreadId () returned 0x1130 [0180.381] malloc (_Size=0x64) returned 0x1d0520 [0180.381] free (_Block=0x1d0520) [0180.381] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.382] GetTickCount () returned 0x116dbb2 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] GetCurrentThreadId () returned 0x1130 [0180.382] malloc (_Size=0x64) returned 0x1d0520 [0180.383] free (_Block=0x1d0520) [0180.383] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.383] GetTickCount () returned 0x116dbb2 [0180.383] GetCurrentThreadId () returned 0x1130 [0180.383] GetCurrentThreadId () returned 0x1130 [0180.383] GetCurrentThreadId () returned 0x1130 [0180.384] GetCurrentThreadId () returned 0x1130 [0180.384] GetCurrentThreadId () returned 0x1130 [0180.384] GetCurrentThreadId () returned 0x1130 [0180.384] GetCurrentThreadId () returned 0x1130 [0180.384] malloc (_Size=0x64) returned 0x1d0520 [0180.384] free (_Block=0x1d0520) [0180.384] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.385] GetTickCount () returned 0x116dbb2 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] GetCurrentThreadId () returned 0x1130 [0180.385] malloc (_Size=0x64) returned 0x1d0520 [0180.385] free (_Block=0x1d0520) [0180.385] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.386] GetTickCount () returned 0x116dbc1 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] GetCurrentThreadId () returned 0x1130 [0180.386] malloc (_Size=0x64) returned 0x1d0520 [0180.386] free (_Block=0x1d0520) [0180.386] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.388] GetTickCount () returned 0x116dbc1 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] GetCurrentThreadId () returned 0x1130 [0180.388] malloc (_Size=0x64) returned 0x1d0520 [0180.388] free (_Block=0x1d0520) [0180.388] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.389] GetTickCount () returned 0x116dbc1 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] GetCurrentThreadId () returned 0x1130 [0180.389] malloc (_Size=0x64) returned 0x1d0520 [0180.389] free (_Block=0x1d0520) [0180.389] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.390] GetTickCount () returned 0x116dbc1 [0180.390] GetCurrentThreadId () returned 0x1130 [0180.390] GetCurrentThreadId () returned 0x1130 [0180.390] GetCurrentThreadId () returned 0x1130 [0180.390] GetCurrentThreadId () returned 0x1130 [0180.391] GetCurrentThreadId () returned 0x1130 [0180.391] GetCurrentThreadId () returned 0x1130 [0180.391] GetCurrentThreadId () returned 0x1130 [0180.391] malloc (_Size=0x64) returned 0x1d0520 [0180.391] free (_Block=0x1d0520) [0180.391] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.392] GetTickCount () returned 0x116dbc1 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] GetCurrentThreadId () returned 0x1130 [0180.392] malloc (_Size=0x64) returned 0x1d0520 [0180.392] free (_Block=0x1d0520) [0180.392] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.393] GetTickCount () returned 0x116dbc1 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.393] GetCurrentThreadId () returned 0x1130 [0180.394] malloc (_Size=0x64) returned 0x1d0520 [0180.394] free (_Block=0x1d0520) [0180.394] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.395] GetTickCount () returned 0x116dbc1 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] GetCurrentThreadId () returned 0x1130 [0180.395] malloc (_Size=0x64) returned 0x1d0520 [0180.395] free (_Block=0x1d0520) [0180.395] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.396] GetTickCount () returned 0x116dbc1 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] GetCurrentThreadId () returned 0x1130 [0180.396] malloc (_Size=0x64) returned 0x1d0520 [0180.397] free (_Block=0x1d0520) [0180.397] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.398] GetTickCount () returned 0x116dbc1 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] GetCurrentThreadId () returned 0x1130 [0180.398] malloc (_Size=0x64) returned 0x1d0520 [0180.398] free (_Block=0x1d0520) [0180.398] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.399] GetTickCount () returned 0x116dbc1 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] GetCurrentThreadId () returned 0x1130 [0180.399] malloc (_Size=0x64) returned 0x1d0520 [0180.399] free (_Block=0x1d0520) [0180.399] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.401] GetTickCount () returned 0x116dbc1 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] GetCurrentThreadId () returned 0x1130 [0180.401] malloc (_Size=0x64) returned 0x1d0520 [0180.401] free (_Block=0x1d0520) [0180.401] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.403] GetTickCount () returned 0x116dbd1 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] GetCurrentThreadId () returned 0x1130 [0180.403] malloc (_Size=0x64) returned 0x1d0520 [0180.403] free (_Block=0x1d0520) [0180.403] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.404] GetTickCount () returned 0x116dbd1 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] GetCurrentThreadId () returned 0x1130 [0180.404] malloc (_Size=0x64) returned 0x1d0520 [0180.404] free (_Block=0x1d0520) [0180.404] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.406] GetTickCount () returned 0x116dbd1 [0180.406] GetCurrentThreadId () returned 0x1130 [0180.406] GetCurrentThreadId () returned 0x1130 [0180.406] GetCurrentThreadId () returned 0x1130 [0180.406] GetCurrentThreadId () returned 0x1130 [0180.406] malloc (_Size=0x64) returned 0x1d0520 [0180.406] free (_Block=0x1d0520) [0180.406] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.407] GetTickCount () returned 0x116dbd1 [0180.407] GetCurrentThreadId () returned 0x1130 [0180.407] malloc (_Size=0x64) returned 0x1d0520 [0180.407] free (_Block=0x1d0520) [0180.407] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.408] GetTickCount () returned 0x116dbd1 [0180.408] GetCurrentThreadId () returned 0x1130 [0180.408] malloc (_Size=0x64) returned 0x1d0520 [0180.408] free (_Block=0x1d0520) [0180.409] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.410] GetTickCount () returned 0x116dbd1 [0180.410] GetCurrentThreadId () returned 0x1130 [0180.410] malloc (_Size=0x64) returned 0x1d0520 [0180.410] free (_Block=0x1d0520) [0180.410] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.411] GetTickCount () returned 0x116dbd1 [0180.411] GetCurrentThreadId () returned 0x1130 [0180.411] malloc (_Size=0x64) returned 0x1d0520 [0180.411] free (_Block=0x1d0520) [0180.411] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.412] GetTickCount () returned 0x116dbd1 [0180.412] GetCurrentThreadId () returned 0x1130 [0180.412] malloc (_Size=0x64) returned 0x1d0520 [0180.412] free (_Block=0x1d0520) [0180.412] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.413] GetTickCount () returned 0x116dbd1 [0180.413] GetCurrentThreadId () returned 0x1130 [0180.413] malloc (_Size=0x64) returned 0x1d0520 [0180.413] free (_Block=0x1d0520) [0180.413] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.414] GetTickCount () returned 0x116dbd1 [0180.414] GetCurrentThreadId () returned 0x1130 [0180.415] malloc (_Size=0x64) returned 0x1d0520 [0180.415] free (_Block=0x1d0520) [0180.415] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.416] GetTickCount () returned 0x116dbd1 [0180.416] GetCurrentThreadId () returned 0x1130 [0180.416] malloc (_Size=0x64) returned 0x1d0520 [0180.416] free (_Block=0x1d0520) [0180.416] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.417] GetTickCount () returned 0x116dbd1 [0180.417] GetCurrentThreadId () returned 0x1130 [0180.417] malloc (_Size=0x64) returned 0x1d0520 [0180.417] free (_Block=0x1d0520) [0180.480] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.482] GetTickCount () returned 0x116dc1f [0180.482] GetCurrentThreadId () returned 0x1130 [0180.482] malloc (_Size=0x64) returned 0x1d0520 [0180.482] free (_Block=0x1d0520) [0180.482] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.483] GetTickCount () returned 0x116dc1f [0180.483] GetCurrentThreadId () returned 0x1130 [0180.483] malloc (_Size=0x64) returned 0x1d0520 [0180.483] free (_Block=0x1d0520) [0180.483] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.484] GetTickCount () returned 0x116dc1f [0180.484] GetCurrentThreadId () returned 0x1130 [0180.484] malloc (_Size=0x64) returned 0x1d0520 [0180.484] free (_Block=0x1d0520) [0180.484] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.485] GetTickCount () returned 0x116dc1f [0180.485] GetCurrentThreadId () returned 0x1130 [0180.486] malloc (_Size=0x64) returned 0x1d0520 [0180.486] free (_Block=0x1d0520) [0180.486] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.487] GetTickCount () returned 0x116dc1f [0180.487] GetCurrentThreadId () returned 0x1130 [0180.487] malloc (_Size=0x64) returned 0x1d0520 [0180.487] free (_Block=0x1d0520) [0180.487] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.488] GetTickCount () returned 0x116dc1f [0180.488] GetCurrentThreadId () returned 0x1130 [0180.488] malloc (_Size=0x64) returned 0x1d0520 [0180.488] free (_Block=0x1d0520) [0180.488] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.489] GetTickCount () returned 0x116dc1f [0180.489] GetCurrentThreadId () returned 0x1130 [0180.489] malloc (_Size=0x64) returned 0x1d0520 [0180.489] free (_Block=0x1d0520) [0180.489] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.490] GetTickCount () returned 0x116dc1f [0180.490] GetCurrentThreadId () returned 0x1130 [0180.491] malloc (_Size=0x64) returned 0x1d0520 [0180.491] free (_Block=0x1d0520) [0180.491] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.492] GetTickCount () returned 0x116dc2f [0180.492] GetCurrentThreadId () returned 0x1130 [0180.492] malloc (_Size=0x64) returned 0x1d0520 [0180.492] free (_Block=0x1d0520) [0180.492] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.493] GetTickCount () returned 0x116dc2f [0180.493] GetCurrentThreadId () returned 0x1130 [0180.493] malloc (_Size=0x64) returned 0x1d0520 [0180.493] free (_Block=0x1d0520) [0180.493] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.494] GetTickCount () returned 0x116dc2f [0180.494] GetCurrentThreadId () returned 0x1130 [0180.495] malloc (_Size=0x64) returned 0x1d0520 [0180.495] free (_Block=0x1d0520) [0180.495] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.496] GetTickCount () returned 0x116dc2f [0180.496] GetCurrentThreadId () returned 0x1130 [0180.497] malloc (_Size=0x64) returned 0x1d0520 [0180.497] free (_Block=0x1d0520) [0180.497] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.498] GetTickCount () returned 0x116dc2f [0180.498] GetCurrentThreadId () returned 0x1130 [0180.498] malloc (_Size=0x64) returned 0x1d0520 [0180.498] free (_Block=0x1d0520) [0180.498] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.499] GetTickCount () returned 0x116dc2f [0180.499] GetCurrentThreadId () returned 0x1130 [0180.499] malloc (_Size=0x64) returned 0x1d0520 [0180.499] free (_Block=0x1d0520) [0180.499] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.500] GetTickCount () returned 0x116dc2f [0180.500] GetCurrentThreadId () returned 0x1130 [0180.501] malloc (_Size=0x64) returned 0x1d0520 [0180.501] free (_Block=0x1d0520) [0180.501] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.502] GetTickCount () returned 0x116dc2f [0180.502] GetCurrentThreadId () returned 0x1130 [0180.502] malloc (_Size=0x64) returned 0x1d0520 [0180.502] free (_Block=0x1d0520) [0180.502] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.503] GetTickCount () returned 0x116dc2f [0180.503] GetCurrentThreadId () returned 0x1130 [0180.503] malloc (_Size=0x64) returned 0x1d0520 [0180.503] free (_Block=0x1d0520) [0180.503] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.504] GetTickCount () returned 0x116dc2f [0180.504] GetCurrentThreadId () returned 0x1130 [0180.504] malloc (_Size=0x64) returned 0x1d0520 [0180.504] free (_Block=0x1d0520) [0180.504] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.505] GetTickCount () returned 0x116dc2f [0180.505] GetCurrentThreadId () returned 0x1130 [0180.506] malloc (_Size=0x64) returned 0x1d0520 [0180.506] free (_Block=0x1d0520) [0180.506] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.507] GetTickCount () returned 0x116dc3e [0180.507] GetCurrentThreadId () returned 0x1130 [0180.507] malloc (_Size=0x64) returned 0x1d0520 [0180.507] free (_Block=0x1d0520) [0180.507] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.508] GetTickCount () returned 0x116dc3e [0180.508] GetCurrentThreadId () returned 0x1130 [0180.508] malloc (_Size=0x64) returned 0x1d0520 [0180.508] free (_Block=0x1d0520) [0180.508] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.509] GetTickCount () returned 0x116dc3e [0180.510] GetCurrentThreadId () returned 0x1130 [0180.510] malloc (_Size=0x64) returned 0x1d0520 [0180.510] free (_Block=0x1d0520) [0180.510] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.511] GetTickCount () returned 0x116dc3e [0180.511] GetCurrentThreadId () returned 0x1130 [0180.511] malloc (_Size=0x64) returned 0x1d0520 [0180.511] free (_Block=0x1d0520) [0180.511] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.512] GetTickCount () returned 0x116dc3e [0180.512] GetCurrentThreadId () returned 0x1130 [0180.512] malloc (_Size=0x64) returned 0x1d0520 [0180.512] free (_Block=0x1d0520) [0180.512] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.513] GetTickCount () returned 0x116dc3e [0180.513] GetCurrentThreadId () returned 0x1130 [0180.513] malloc (_Size=0x64) returned 0x1d0520 [0180.514] free (_Block=0x1d0520) [0180.514] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.515] GetTickCount () returned 0x116dc3e [0180.515] GetCurrentThreadId () returned 0x1130 [0180.515] malloc (_Size=0x64) returned 0x1d0520 [0180.515] free (_Block=0x1d0520) [0180.515] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.516] GetTickCount () returned 0x116dc3e [0180.516] GetCurrentThreadId () returned 0x1130 [0180.516] malloc (_Size=0x64) returned 0x1d0520 [0180.516] free (_Block=0x1d0520) [0180.516] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.517] GetTickCount () returned 0x116dc3e [0180.517] GetCurrentThreadId () returned 0x1130 [0180.517] malloc (_Size=0x64) returned 0x1d0520 [0180.518] free (_Block=0x1d0520) [0180.518] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.519] GetTickCount () returned 0x116dc3e [0180.519] GetCurrentThreadId () returned 0x1130 [0180.519] malloc (_Size=0x64) returned 0x1d0520 [0180.519] free (_Block=0x1d0520) [0180.519] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.520] GetTickCount () returned 0x116dc3e [0180.520] GetCurrentThreadId () returned 0x1130 [0180.520] malloc (_Size=0x64) returned 0x1d0520 [0180.520] free (_Block=0x1d0520) [0180.520] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.521] GetTickCount () returned 0x116dc3e [0180.521] GetCurrentThreadId () returned 0x1130 [0180.521] malloc (_Size=0x64) returned 0x1d0520 [0180.521] free (_Block=0x1d0520) [0180.521] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.648] GetTickCount () returned 0x116dccb [0180.648] GetCurrentThreadId () returned 0x1130 [0180.648] malloc (_Size=0x64) returned 0x1d0520 [0180.649] free (_Block=0x1d0520) [0180.649] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.650] GetTickCount () returned 0x116dccb [0180.650] GetCurrentThreadId () returned 0x1130 [0180.650] malloc (_Size=0x64) returned 0x1d0520 [0180.650] free (_Block=0x1d0520) [0180.650] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.651] GetTickCount () returned 0x116dccb [0180.651] GetCurrentThreadId () returned 0x1130 [0180.651] malloc (_Size=0x64) returned 0x1d0520 [0180.651] free (_Block=0x1d0520) [0180.651] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.652] GetTickCount () returned 0x116dccb [0180.652] GetCurrentThreadId () returned 0x1130 [0180.653] malloc (_Size=0x64) returned 0x1d0520 [0180.653] free (_Block=0x1d0520) [0180.653] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.654] GetTickCount () returned 0x116dccb [0180.654] GetCurrentThreadId () returned 0x1130 [0180.654] malloc (_Size=0x64) returned 0x1d0520 [0180.654] free (_Block=0x1d0520) [0180.654] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.655] GetTickCount () returned 0x116dccb [0180.655] GetCurrentThreadId () returned 0x1130 [0180.655] malloc (_Size=0x64) returned 0x1d0520 [0180.655] free (_Block=0x1d0520) [0180.655] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.656] GetTickCount () returned 0x116dccb [0180.656] GetCurrentThreadId () returned 0x1130 [0180.657] malloc (_Size=0x64) returned 0x1d0520 [0180.657] free (_Block=0x1d0520) [0180.657] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.658] GetTickCount () returned 0x116dccb [0180.658] GetCurrentThreadId () returned 0x1130 [0180.658] malloc (_Size=0x64) returned 0x1d0520 [0180.658] free (_Block=0x1d0520) [0180.658] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.660] GetTickCount () returned 0x116dccb [0180.660] GetCurrentThreadId () returned 0x1130 [0180.660] malloc (_Size=0x64) returned 0x1d0520 [0180.660] free (_Block=0x1d0520) [0180.661] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.661] GetTickCount () returned 0x116dccb [0180.662] GetCurrentThreadId () returned 0x1130 [0180.662] malloc (_Size=0x64) returned 0x1d0520 [0180.662] free (_Block=0x1d0520) [0180.662] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.663] GetTickCount () returned 0x116dccb [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] GetCurrentThreadId () returned 0x1130 [0180.663] malloc (_Size=0x64) returned 0x1d0520 [0180.664] free (_Block=0x1d0520) [0180.664] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.665] GetTickCount () returned 0x116dcda [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] GetCurrentThreadId () returned 0x1130 [0180.665] malloc (_Size=0x64) returned 0x1d0520 [0180.665] free (_Block=0x1d0520) [0180.665] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.666] GetTickCount () returned 0x116dcda [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] GetCurrentThreadId () returned 0x1130 [0180.666] malloc (_Size=0x64) returned 0x1d0520 [0180.666] free (_Block=0x1d0520) [0180.666] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.667] GetTickCount () returned 0x116dcda [0180.667] GetCurrentThreadId () returned 0x1130 [0180.667] GetCurrentThreadId () returned 0x1130 [0180.667] GetCurrentThreadId () returned 0x1130 [0180.667] GetCurrentThreadId () returned 0x1130 [0180.668] GetCurrentThreadId () returned 0x1130 [0180.668] GetCurrentThreadId () returned 0x1130 [0180.668] GetCurrentThreadId () returned 0x1130 [0180.668] malloc (_Size=0x64) returned 0x1d0520 [0180.668] free (_Block=0x1d0520) [0180.668] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.669] GetTickCount () returned 0x116dcda [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] GetCurrentThreadId () returned 0x1130 [0180.669] malloc (_Size=0x64) returned 0x1d0520 [0180.669] free (_Block=0x1d0520) [0180.669] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.670] GetTickCount () returned 0x116dcda [0180.670] GetCurrentThreadId () returned 0x1130 [0180.670] GetCurrentThreadId () returned 0x1130 [0180.670] GetCurrentThreadId () returned 0x1130 [0180.670] GetCurrentThreadId () returned 0x1130 [0180.671] GetCurrentThreadId () returned 0x1130 [0180.671] GetCurrentThreadId () returned 0x1130 [0180.671] GetCurrentThreadId () returned 0x1130 [0180.671] malloc (_Size=0x64) returned 0x1d0520 [0180.671] free (_Block=0x1d0520) [0180.671] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.672] GetTickCount () returned 0x116dcda [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] GetCurrentThreadId () returned 0x1130 [0180.672] malloc (_Size=0x64) returned 0x1d0520 [0180.672] free (_Block=0x1d0520) [0180.672] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.673] GetTickCount () returned 0x116dcda [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] GetCurrentThreadId () returned 0x1130 [0180.673] malloc (_Size=0x64) returned 0x1d0520 [0180.673] free (_Block=0x1d0520) [0180.674] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.675] GetTickCount () returned 0x116dcda [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] GetCurrentThreadId () returned 0x1130 [0180.675] malloc (_Size=0x64) returned 0x1d0520 [0180.675] free (_Block=0x1d0520) [0180.675] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.676] GetTickCount () returned 0x116dcda [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] GetCurrentThreadId () returned 0x1130 [0180.676] malloc (_Size=0x64) returned 0x1d0520 [0180.676] free (_Block=0x1d0520) [0180.676] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.677] GetTickCount () returned 0x116dcda [0180.677] GetCurrentThreadId () returned 0x1130 [0180.677] GetCurrentThreadId () returned 0x1130 [0180.677] GetCurrentThreadId () returned 0x1130 [0180.677] GetCurrentThreadId () returned 0x1130 [0180.677] GetCurrentThreadId () returned 0x1130 [0180.678] GetCurrentThreadId () returned 0x1130 [0180.678] GetCurrentThreadId () returned 0x1130 [0180.678] malloc (_Size=0x64) returned 0x1d0520 [0180.678] free (_Block=0x1d0520) [0180.678] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.679] GetTickCount () returned 0x116dcea [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] GetCurrentThreadId () returned 0x1130 [0180.679] malloc (_Size=0x64) returned 0x1d0520 [0180.679] free (_Block=0x1d0520) [0180.679] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.680] GetTickCount () returned 0x116dcea [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] GetCurrentThreadId () returned 0x1130 [0180.680] malloc (_Size=0x64) returned 0x1d0520 [0180.681] free (_Block=0x1d0520) [0180.681] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.682] GetTickCount () returned 0x116dcea [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] GetCurrentThreadId () returned 0x1130 [0180.682] malloc (_Size=0x64) returned 0x1d0520 [0180.682] free (_Block=0x1d0520) [0180.682] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.683] GetTickCount () returned 0x116dcea [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] GetCurrentThreadId () returned 0x1130 [0180.683] malloc (_Size=0x64) returned 0x1d0520 [0180.683] free (_Block=0x1d0520) [0180.684] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.685] GetTickCount () returned 0x116dcea [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] GetCurrentThreadId () returned 0x1130 [0180.685] malloc (_Size=0x64) returned 0x1d0520 [0180.685] free (_Block=0x1d0520) [0180.685] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.686] GetTickCount () returned 0x116dcea [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.686] GetCurrentThreadId () returned 0x1130 [0180.687] malloc (_Size=0x64) returned 0x1d0520 [0180.687] free (_Block=0x1d0520) [0180.687] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.688] GetTickCount () returned 0x116dcea [0180.688] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] GetCurrentThreadId () returned 0x1130 [0180.689] malloc (_Size=0x64) returned 0x1d0520 [0180.689] free (_Block=0x1d0520) [0180.689] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.690] GetTickCount () returned 0x116dcea [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] GetCurrentThreadId () returned 0x1130 [0180.690] malloc (_Size=0x64) returned 0x1d0520 [0180.690] free (_Block=0x1d0520) [0180.690] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.691] GetTickCount () returned 0x116dcea [0180.691] GetCurrentThreadId () returned 0x1130 [0180.691] GetCurrentThreadId () returned 0x1130 [0180.692] GetCurrentThreadId () returned 0x1130 [0180.692] GetCurrentThreadId () returned 0x1130 [0180.692] GetCurrentThreadId () returned 0x1130 [0180.692] GetCurrentThreadId () returned 0x1130 [0180.692] GetCurrentThreadId () returned 0x1130 [0180.692] malloc (_Size=0x64) returned 0x1d0520 [0180.692] free (_Block=0x1d0520) [0180.692] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.693] GetTickCount () returned 0x116dcea [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] GetCurrentThreadId () returned 0x1130 [0180.693] malloc (_Size=0x64) returned 0x1d0520 [0180.693] free (_Block=0x1d0520) [0180.693] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.743] GetTickCount () returned 0x116dd29 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] GetCurrentThreadId () returned 0x1130 [0180.743] malloc (_Size=0x64) returned 0x1d0520 [0180.743] free (_Block=0x1d0520) [0180.743] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.744] GetTickCount () returned 0x116dd29 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.744] GetCurrentThreadId () returned 0x1130 [0180.745] malloc (_Size=0x64) returned 0x1d0520 [0180.745] free (_Block=0x1d0520) [0180.745] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.746] GetTickCount () returned 0x116dd29 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] GetCurrentThreadId () returned 0x1130 [0180.746] malloc (_Size=0x64) returned 0x1d0520 [0180.746] free (_Block=0x1d0520) [0180.746] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.747] GetTickCount () returned 0x116dd29 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] GetCurrentThreadId () returned 0x1130 [0180.747] malloc (_Size=0x64) returned 0x1d0520 [0180.747] free (_Block=0x1d0520) [0180.747] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.748] GetTickCount () returned 0x116dd29 [0180.748] GetCurrentThreadId () returned 0x1130 [0180.748] GetCurrentThreadId () returned 0x1130 [0180.748] GetCurrentThreadId () returned 0x1130 [0180.748] GetCurrentThreadId () returned 0x1130 [0180.749] GetCurrentThreadId () returned 0x1130 [0180.749] GetCurrentThreadId () returned 0x1130 [0180.749] GetCurrentThreadId () returned 0x1130 [0180.749] malloc (_Size=0x64) returned 0x1d0520 [0180.749] free (_Block=0x1d0520) [0180.749] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.750] GetTickCount () returned 0x116dd29 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] GetCurrentThreadId () returned 0x1130 [0180.750] malloc (_Size=0x64) returned 0x1d0520 [0180.750] free (_Block=0x1d0520) [0180.750] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.751] GetTickCount () returned 0x116dd29 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.751] GetCurrentThreadId () returned 0x1130 [0180.791] malloc (_Size=0x64) returned 0x1d0520 [0180.792] free (_Block=0x1d0520) [0180.792] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.793] GetTickCount () returned 0x116dd57 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.793] GetCurrentThreadId () returned 0x1130 [0180.794] malloc (_Size=0x64) returned 0x1d0520 [0180.794] free (_Block=0x1d0520) [0180.794] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.795] GetTickCount () returned 0x116dd57 [0180.795] GetCurrentThreadId () returned 0x1130 [0180.795] GetCurrentThreadId () returned 0x1130 [0180.795] GetCurrentThreadId () returned 0x1130 [0180.795] GetCurrentThreadId () returned 0x1130 [0180.795] GetCurrentThreadId () returned 0x1130 [0180.796] GetCurrentThreadId () returned 0x1130 [0180.796] GetCurrentThreadId () returned 0x1130 [0180.796] malloc (_Size=0x64) returned 0x1d0520 [0180.796] free (_Block=0x1d0520) [0180.796] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.797] GetTickCount () returned 0x116dd57 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] GetCurrentThreadId () returned 0x1130 [0180.797] malloc (_Size=0x64) returned 0x1d0520 [0180.798] free (_Block=0x1d0520) [0180.798] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.799] GetTickCount () returned 0x116dd57 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] GetCurrentThreadId () returned 0x1130 [0180.799] malloc (_Size=0x64) returned 0x1d0520 [0180.799] free (_Block=0x1d0520) [0180.799] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.800] GetTickCount () returned 0x116dd57 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] GetCurrentThreadId () returned 0x1130 [0180.800] malloc (_Size=0x64) returned 0x1d0520 [0180.801] free (_Block=0x1d0520) [0180.801] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.802] GetTickCount () returned 0x116dd57 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] GetCurrentThreadId () returned 0x1130 [0180.802] malloc (_Size=0x64) returned 0x1d0520 [0180.802] free (_Block=0x1d0520) [0180.802] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.803] GetTickCount () returned 0x116dd57 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] GetCurrentThreadId () returned 0x1130 [0180.803] malloc (_Size=0x64) returned 0x1d0520 [0180.803] free (_Block=0x1d0520) [0180.803] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.804] GetTickCount () returned 0x116dd67 [0180.804] GetCurrentThreadId () returned 0x1130 [0180.804] GetCurrentThreadId () returned 0x1130 [0180.804] GetCurrentThreadId () returned 0x1130 [0180.804] GetCurrentThreadId () returned 0x1130 [0180.805] GetCurrentThreadId () returned 0x1130 [0180.805] GetCurrentThreadId () returned 0x1130 [0180.805] GetCurrentThreadId () returned 0x1130 [0180.805] malloc (_Size=0x64) returned 0x1d0520 [0180.805] free (_Block=0x1d0520) [0180.805] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.806] GetTickCount () returned 0x116dd67 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] GetCurrentThreadId () returned 0x1130 [0180.806] malloc (_Size=0x64) returned 0x1d0520 [0180.806] free (_Block=0x1d0520) [0180.806] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.807] GetTickCount () returned 0x116dd67 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] GetCurrentThreadId () returned 0x1130 [0180.807] malloc (_Size=0x64) returned 0x1d0520 [0180.807] free (_Block=0x1d0520) [0180.808] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.808] GetTickCount () returned 0x116dd67 [0180.808] GetCurrentThreadId () returned 0x1130 [0180.808] GetCurrentThreadId () returned 0x1130 [0180.809] GetCurrentThreadId () returned 0x1130 [0180.809] GetCurrentThreadId () returned 0x1130 [0180.809] GetCurrentThreadId () returned 0x1130 [0180.809] GetCurrentThreadId () returned 0x1130 [0180.809] GetCurrentThreadId () returned 0x1130 [0180.809] malloc (_Size=0x64) returned 0x1d0520 [0180.809] free (_Block=0x1d0520) [0180.809] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.810] GetTickCount () returned 0x116dd67 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] GetCurrentThreadId () returned 0x1130 [0180.810] malloc (_Size=0x64) returned 0x1d0520 [0180.810] free (_Block=0x1d0520) [0180.810] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.811] GetTickCount () returned 0x116dd67 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.811] GetCurrentThreadId () returned 0x1130 [0180.812] malloc (_Size=0x64) returned 0x1d0520 [0180.812] free (_Block=0x1d0520) [0180.812] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.813] GetTickCount () returned 0x116dd67 [0180.813] GetCurrentThreadId () returned 0x1130 [0180.813] GetCurrentThreadId () returned 0x1130 [0180.813] GetCurrentThreadId () returned 0x1130 [0180.813] GetCurrentThreadId () returned 0x1130 [0180.813] malloc (_Size=0x64) returned 0x1d0520 [0180.813] free (_Block=0x1d0520) [0180.813] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.814] GetTickCount () returned 0x116dd67 [0180.814] GetCurrentThreadId () returned 0x1130 [0180.814] malloc (_Size=0x64) returned 0x1d0520 [0180.814] free (_Block=0x1d0520) [0180.814] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.815] GetTickCount () returned 0x116dd67 [0180.815] GetCurrentThreadId () returned 0x1130 [0180.815] malloc (_Size=0x64) returned 0x1d0520 [0180.815] free (_Block=0x1d0520) [0180.815] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.816] GetTickCount () returned 0x116dd67 [0180.816] GetCurrentThreadId () returned 0x1130 [0180.817] malloc (_Size=0x64) returned 0x1d0520 [0180.817] free (_Block=0x1d0520) [0180.817] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.818] GetTickCount () returned 0x116dd67 [0180.818] GetCurrentThreadId () returned 0x1130 [0180.818] malloc (_Size=0x64) returned 0x1d0520 [0180.818] free (_Block=0x1d0520) [0180.818] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.819] GetTickCount () returned 0x116dd67 [0180.870] GetCurrentThreadId () returned 0x1130 [0180.870] GetCurrentThreadId () returned 0x1130 [0180.870] GetCurrentThreadId () returned 0x1130 [0180.870] GetCurrentThreadId () returned 0x1130 [0180.871] GetCurrentThreadId () returned 0x1130 [0180.871] GetCurrentThreadId () returned 0x1130 [0180.871] GetCurrentThreadId () returned 0x1130 [0180.871] malloc (_Size=0x64) returned 0x1d0520 [0180.871] free (_Block=0x1d0520) [0180.871] Thread32Next (hSnapshot=0x410, lpte=0x19f734) returned 1 [0180.872] GetTickCount () returned 0x116dda6 [0180.872] GetTickCount () returned 0x116dda6 [0180.872] Module32First (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] GetCurrentThreadId () returned 0x1130 [0180.873] malloc (_Size=0x64) returned 0x1d0520 [0180.874] free (_Block=0x1d0520) [0180.874] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.874] GetTickCount () returned 0x116dda6 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.874] GetCurrentThreadId () returned 0x1130 [0180.875] GetCurrentThreadId () returned 0x1130 [0180.875] malloc (_Size=0x64) returned 0x1d0520 [0180.875] free (_Block=0x1d0520) [0180.875] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.875] GetTickCount () returned 0x116dda6 [0180.875] GetCurrentThreadId () returned 0x1130 [0180.875] GetCurrentThreadId () returned 0x1130 [0180.875] GetCurrentThreadId () returned 0x1130 [0180.875] GetCurrentThreadId () returned 0x1130 [0180.876] GetCurrentThreadId () returned 0x1130 [0180.876] GetCurrentThreadId () returned 0x1130 [0180.876] GetCurrentThreadId () returned 0x1130 [0180.876] malloc (_Size=0x64) returned 0x1d0520 [0180.876] free (_Block=0x1d0520) [0180.876] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.876] GetTickCount () returned 0x116dda6 [0180.876] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] GetCurrentThreadId () returned 0x1130 [0180.877] malloc (_Size=0x64) returned 0x1d0520 [0180.877] free (_Block=0x1d0520) [0180.877] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.878] GetTickCount () returned 0x116dda6 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] GetCurrentThreadId () returned 0x1130 [0180.878] malloc (_Size=0x64) returned 0x1d0520 [0180.878] free (_Block=0x1d0520) [0180.878] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.879] GetTickCount () returned 0x116dda6 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] GetCurrentThreadId () returned 0x1130 [0180.879] malloc (_Size=0x64) returned 0x1d0520 [0180.879] free (_Block=0x1d0520) [0180.879] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.880] GetTickCount () returned 0x116dda6 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] GetCurrentThreadId () returned 0x1130 [0180.880] malloc (_Size=0x64) returned 0x1d0520 [0180.880] free (_Block=0x1d0520) [0180.880] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.881] GetTickCount () returned 0x116dda6 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] GetCurrentThreadId () returned 0x1130 [0180.881] malloc (_Size=0x64) returned 0x1d0520 [0180.881] free (_Block=0x1d0520) [0180.881] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.882] GetTickCount () returned 0x116ddb5 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] GetCurrentThreadId () returned 0x1130 [0180.882] malloc (_Size=0x64) returned 0x1d0520 [0180.883] free (_Block=0x1d0520) [0180.883] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.883] GetTickCount () returned 0x116ddb5 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.883] GetCurrentThreadId () returned 0x1130 [0180.884] malloc (_Size=0x64) returned 0x1d0520 [0180.884] free (_Block=0x1d0520) [0180.884] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.884] GetTickCount () returned 0x116ddb5 [0180.884] GetCurrentThreadId () returned 0x1130 [0180.884] GetCurrentThreadId () returned 0x1130 [0180.884] GetCurrentThreadId () returned 0x1130 [0180.884] GetCurrentThreadId () returned 0x1130 [0180.884] GetCurrentThreadId () returned 0x1130 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.885] malloc (_Size=0x64) returned 0x1d0520 [0180.885] free (_Block=0x1d0520) [0180.885] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.885] GetTickCount () returned 0x116ddb5 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.885] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] malloc (_Size=0x64) returned 0x1d0520 [0180.886] free (_Block=0x1d0520) [0180.886] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.886] GetTickCount () returned 0x116ddb5 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.886] GetCurrentThreadId () returned 0x1130 [0180.887] GetCurrentThreadId () returned 0x1130 [0180.887] GetCurrentThreadId () returned 0x1130 [0180.887] GetCurrentThreadId () returned 0x1130 [0180.887] malloc (_Size=0x64) returned 0x1d0520 [0180.887] free (_Block=0x1d0520) [0180.887] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.887] GetTickCount () returned 0x116ddb5 [0180.887] GetCurrentThreadId () returned 0x1130 [0180.887] GetCurrentThreadId () returned 0x1130 [0180.888] GetCurrentThreadId () returned 0x1130 [0180.888] GetCurrentThreadId () returned 0x1130 [0180.888] GetCurrentThreadId () returned 0x1130 [0180.888] GetCurrentThreadId () returned 0x1130 [0180.888] GetCurrentThreadId () returned 0x1130 [0180.888] malloc (_Size=0x64) returned 0x1d0520 [0180.888] free (_Block=0x1d0520) [0180.888] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.888] GetTickCount () returned 0x116ddb5 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] GetCurrentThreadId () returned 0x1130 [0180.889] malloc (_Size=0x64) returned 0x1d0520 [0180.889] free (_Block=0x1d0520) [0180.889] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.890] GetTickCount () returned 0x116ddb5 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] GetCurrentThreadId () returned 0x1130 [0180.890] malloc (_Size=0x64) returned 0x1d0520 [0180.890] free (_Block=0x1d0520) [0180.890] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.891] GetTickCount () returned 0x116ddb5 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] GetCurrentThreadId () returned 0x1130 [0180.891] malloc (_Size=0x64) returned 0x1d0520 [0180.891] free (_Block=0x1d0520) [0180.891] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.892] GetTickCount () returned 0x116ddb5 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] GetCurrentThreadId () returned 0x1130 [0180.892] malloc (_Size=0x64) returned 0x1d0520 [0180.892] free (_Block=0x1d0520) [0180.892] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.893] GetTickCount () returned 0x116ddb5 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] GetCurrentThreadId () returned 0x1130 [0180.893] malloc (_Size=0x64) returned 0x1d0520 [0180.893] free (_Block=0x1d0520) [0180.893] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.894] GetTickCount () returned 0x116ddb5 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] GetCurrentThreadId () returned 0x1130 [0180.894] malloc (_Size=0x64) returned 0x1d0520 [0180.894] free (_Block=0x1d0520) [0180.894] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.895] GetTickCount () returned 0x116ddb5 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] GetCurrentThreadId () returned 0x1130 [0180.895] malloc (_Size=0x64) returned 0x1d0520 [0180.895] free (_Block=0x1d0520) [0180.895] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.896] GetTickCount () returned 0x116ddb5 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] GetCurrentThreadId () returned 0x1130 [0180.896] malloc (_Size=0x64) returned 0x1d0520 [0180.896] free (_Block=0x1d0520) [0180.896] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.897] GetTickCount () returned 0x116ddb5 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.897] GetCurrentThreadId () returned 0x1130 [0180.898] malloc (_Size=0x64) returned 0x1d0520 [0180.898] free (_Block=0x1d0520) [0180.898] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.898] GetTickCount () returned 0x116ddc5 [0180.898] GetCurrentThreadId () returned 0x1130 [0180.898] GetCurrentThreadId () returned 0x1130 [0180.899] GetCurrentThreadId () returned 0x1130 [0180.899] GetCurrentThreadId () returned 0x1130 [0180.899] GetCurrentThreadId () returned 0x1130 [0180.899] GetCurrentThreadId () returned 0x1130 [0180.899] GetCurrentThreadId () returned 0x1130 [0180.899] malloc (_Size=0x64) returned 0x1d0520 [0180.899] free (_Block=0x1d0520) [0180.899] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.900] GetTickCount () returned 0x116ddc5 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] GetCurrentThreadId () returned 0x1130 [0180.900] malloc (_Size=0x64) returned 0x1d0520 [0180.900] free (_Block=0x1d0520) [0180.900] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.901] GetTickCount () returned 0x116ddc5 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] GetCurrentThreadId () returned 0x1130 [0180.901] malloc (_Size=0x64) returned 0x1d0520 [0180.901] free (_Block=0x1d0520) [0180.901] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.902] GetTickCount () returned 0x116ddc5 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] GetCurrentThreadId () returned 0x1130 [0180.902] malloc (_Size=0x64) returned 0x1d0520 [0180.902] free (_Block=0x1d0520) [0180.902] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.903] GetTickCount () returned 0x116ddc5 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] GetCurrentThreadId () returned 0x1130 [0180.903] malloc (_Size=0x64) returned 0x1d0520 [0180.903] free (_Block=0x1d0520) [0180.903] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.904] GetTickCount () returned 0x116ddc5 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] GetCurrentThreadId () returned 0x1130 [0180.904] malloc (_Size=0x64) returned 0x1d0520 [0180.905] free (_Block=0x1d0520) [0180.905] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.905] GetTickCount () returned 0x116ddc5 [0180.905] GetCurrentThreadId () returned 0x1130 [0180.905] GetCurrentThreadId () returned 0x1130 [0180.905] GetCurrentThreadId () returned 0x1130 [0180.905] GetCurrentThreadId () returned 0x1130 [0180.906] GetCurrentThreadId () returned 0x1130 [0180.906] GetCurrentThreadId () returned 0x1130 [0180.906] GetCurrentThreadId () returned 0x1130 [0180.906] malloc (_Size=0x64) returned 0x1d0520 [0180.906] free (_Block=0x1d0520) [0180.906] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.907] GetTickCount () returned 0x116ddc5 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] GetCurrentThreadId () returned 0x1130 [0180.907] malloc (_Size=0x64) returned 0x1d0520 [0180.907] free (_Block=0x1d0520) [0180.907] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.909] GetTickCount () returned 0x116ddc5 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] GetCurrentThreadId () returned 0x1130 [0180.909] malloc (_Size=0x64) returned 0x1d0520 [0180.909] free (_Block=0x1d0520) [0180.909] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.910] GetTickCount () returned 0x116ddc5 [0180.910] GetCurrentThreadId () returned 0x1130 [0180.910] GetCurrentThreadId () returned 0x1130 [0180.910] GetCurrentThreadId () returned 0x1130 [0180.910] GetCurrentThreadId () returned 0x1130 [0180.910] GetCurrentThreadId () returned 0x1130 [0180.911] GetCurrentThreadId () returned 0x1130 [0180.911] GetCurrentThreadId () returned 0x1130 [0180.911] malloc (_Size=0x64) returned 0x1d0520 [0180.911] free (_Block=0x1d0520) [0180.911] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.913] GetTickCount () returned 0x116de03 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] GetCurrentThreadId () returned 0x1130 [0180.962] malloc (_Size=0x64) returned 0x1d0520 [0180.962] free (_Block=0x1d0520) [0180.962] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.963] GetTickCount () returned 0x116de03 [0180.963] GetCurrentThreadId () returned 0x1130 [0180.963] GetCurrentThreadId () returned 0x1130 [0180.963] GetCurrentThreadId () returned 0x1130 [0180.963] GetCurrentThreadId () returned 0x1130 [0180.963] GetCurrentThreadId () returned 0x1130 [0180.964] GetCurrentThreadId () returned 0x1130 [0180.964] GetCurrentThreadId () returned 0x1130 [0180.964] malloc (_Size=0x64) returned 0x1d0520 [0180.964] free (_Block=0x1d0520) [0180.964] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.965] GetTickCount () returned 0x116de03 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] GetCurrentThreadId () returned 0x1130 [0180.965] malloc (_Size=0x64) returned 0x1d0520 [0180.965] free (_Block=0x1d0520) [0180.965] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.966] GetTickCount () returned 0x116de03 [0180.966] GetCurrentThreadId () returned 0x1130 [0180.966] GetCurrentThreadId () returned 0x1130 [0180.967] GetCurrentThreadId () returned 0x1130 [0180.967] GetCurrentThreadId () returned 0x1130 [0180.967] GetCurrentThreadId () returned 0x1130 [0180.967] GetCurrentThreadId () returned 0x1130 [0180.967] GetCurrentThreadId () returned 0x1130 [0180.967] malloc (_Size=0x64) returned 0x1d0520 [0180.967] free (_Block=0x1d0520) [0180.967] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.968] GetTickCount () returned 0x116de03 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] GetCurrentThreadId () returned 0x1130 [0180.968] malloc (_Size=0x64) returned 0x1d0520 [0180.968] free (_Block=0x1d0520) [0180.968] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.969] GetTickCount () returned 0x116de03 [0180.969] GetCurrentThreadId () returned 0x1130 [0180.969] GetCurrentThreadId () returned 0x1130 [0180.970] GetCurrentThreadId () returned 0x1130 [0180.970] GetCurrentThreadId () returned 0x1130 [0180.970] GetCurrentThreadId () returned 0x1130 [0180.970] GetCurrentThreadId () returned 0x1130 [0180.970] GetCurrentThreadId () returned 0x1130 [0180.970] malloc (_Size=0x64) returned 0x1d0520 [0180.970] free (_Block=0x1d0520) [0180.970] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.971] GetTickCount () returned 0x116de03 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] GetCurrentThreadId () returned 0x1130 [0180.971] malloc (_Size=0x64) returned 0x1d0520 [0180.971] free (_Block=0x1d0520) [0180.971] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.973] GetTickCount () returned 0x116de03 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] GetCurrentThreadId () returned 0x1130 [0180.973] malloc (_Size=0x64) returned 0x1d0520 [0180.973] free (_Block=0x1d0520) [0180.973] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.974] GetTickCount () returned 0x116de03 [0180.974] GetCurrentThreadId () returned 0x1130 [0180.974] GetCurrentThreadId () returned 0x1130 [0180.974] GetCurrentThreadId () returned 0x1130 [0180.974] GetCurrentThreadId () returned 0x1130 [0180.974] malloc (_Size=0x64) returned 0x1d0520 [0180.974] free (_Block=0x1d0520) [0180.975] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.976] GetTickCount () returned 0x116de13 [0180.976] GetCurrentThreadId () returned 0x1130 [0180.976] malloc (_Size=0x64) returned 0x1d0520 [0180.976] free (_Block=0x1d0520) [0180.976] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.977] GetTickCount () returned 0x116de13 [0180.977] GetCurrentThreadId () returned 0x1130 [0180.977] malloc (_Size=0x64) returned 0x1d0520 [0180.978] free (_Block=0x1d0520) [0180.978] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.979] GetTickCount () returned 0x116de13 [0180.979] GetCurrentThreadId () returned 0x1130 [0180.979] malloc (_Size=0x64) returned 0x1d0520 [0180.979] free (_Block=0x1d0520) [0180.979] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.980] GetTickCount () returned 0x116de13 [0180.980] GetCurrentThreadId () returned 0x1130 [0180.980] malloc (_Size=0x64) returned 0x1d0520 [0180.980] free (_Block=0x1d0520) [0180.980] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.981] GetTickCount () returned 0x116de13 [0180.981] GetCurrentThreadId () returned 0x1130 [0180.982] malloc (_Size=0x64) returned 0x1d0520 [0180.982] free (_Block=0x1d0520) [0180.982] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.983] GetTickCount () returned 0x116de13 [0180.983] GetCurrentThreadId () returned 0x1130 [0180.983] malloc (_Size=0x64) returned 0x1d0520 [0180.983] free (_Block=0x1d0520) [0180.983] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.984] GetTickCount () returned 0x116de13 [0180.984] GetCurrentThreadId () returned 0x1130 [0180.984] malloc (_Size=0x64) returned 0x1d0520 [0180.984] free (_Block=0x1d0520) [0180.984] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 1 [0180.986] GetTickCount () returned 0x116de13 [0180.986] GetCurrentThreadId () returned 0x1130 [0180.986] malloc (_Size=0x64) returned 0x1d0520 [0180.986] free (_Block=0x1d0520) [0180.986] Module32Next (hSnapshot=0x410, lpme=0x19f7e8) returned 0 [0180.986] CloseHandle (hObject=0x410) returned 1 [0180.987] FreeLibrary (hLibModule=0x772d0000) returned 1 [0180.987] QueryPerformanceCounter (in: lpPerformanceCount=0x19f6f8 | out: lpPerformanceCount=0x19f6f8*=27589291677) returned 1 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] GetCurrentThreadId () returned 0x1130 [0180.987] malloc (_Size=0x64) returned 0x1d0520 [0180.987] free (_Block=0x1d0520) [0180.987] GlobalMemoryStatus (in: lpBuffer=0x19f714 | out: lpBuffer=0x19f714) [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] malloc (_Size=0x64) returned 0x1d0520 [0180.988] free (_Block=0x1d0520) [0180.988] GetCurrentProcessId () returned 0x1134 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] malloc (_Size=0x64) returned 0x1d0520 [0180.988] free (_Block=0x1d0520) [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] GetCurrentThreadId () returned 0x1130 [0180.988] malloc (_Size=0x64) returned 0x1d0520 [0180.989] free (_Block=0x1d0520) [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] malloc (_Size=0x64) returned 0x1d0520 [0180.989] free (_Block=0x1d0520) [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] malloc (_Size=0x64) returned 0x1d0520 [0180.989] free (_Block=0x1d0520) [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] GetCurrentThreadId () returned 0x1130 [0180.989] malloc (_Size=0x64) returned 0x1d0520 [0180.989] free (_Block=0x1d0520) [0180.989] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] malloc (_Size=0x64) returned 0x1d0520 [0180.990] free (_Block=0x1d0520) [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] malloc (_Size=0x64) returned 0x1d0520 [0180.990] free (_Block=0x1d0520) [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] malloc (_Size=0x64) returned 0x1d0520 [0180.990] free (_Block=0x1d0520) [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.990] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] malloc (_Size=0x64) returned 0x1d0520 [0180.991] free (_Block=0x1d0520) [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] malloc (_Size=0x64) returned 0x1d0520 [0180.991] free (_Block=0x1d0520) [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.991] GetCurrentThreadId () returned 0x1130 [0180.992] malloc (_Size=0x64) returned 0x1d0520 [0180.992] free (_Block=0x1d0520) [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] malloc (_Size=0x64) returned 0x1d0520 [0180.992] free (_Block=0x1d0520) [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] malloc (_Size=0x64) returned 0x1d0520 [0180.992] free (_Block=0x1d0520) [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.992] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] malloc (_Size=0x64) returned 0x1d0520 [0180.993] free (_Block=0x1d0520) [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] malloc (_Size=0x64) returned 0x1d0520 [0180.993] free (_Block=0x1d0520) [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] GetCurrentThreadId () returned 0x1130 [0180.993] malloc (_Size=0x64) returned 0x1d0520 [0180.993] free (_Block=0x1d0520) [0180.993] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] malloc (_Size=0x64) returned 0x1d0520 [0180.994] free (_Block=0x1d0520) [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] malloc (_Size=0x64) returned 0x1d0520 [0180.994] free (_Block=0x1d0520) [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] GetCurrentThreadId () returned 0x1130 [0180.994] malloc (_Size=0x64) returned 0x1d0520 [0180.995] free (_Block=0x1d0520) [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] malloc (_Size=0x64) returned 0x1d0520 [0180.995] free (_Block=0x1d0520) [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] malloc (_Size=0x64) returned 0x1d0520 [0180.995] free (_Block=0x1d0520) [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.995] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] malloc (_Size=0x64) returned 0x1d0520 [0180.996] free (_Block=0x1d0520) [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] malloc (_Size=0x64) returned 0x1d0520 [0180.996] free (_Block=0x1d0520) [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] malloc (_Size=0x64) returned 0x1d0520 [0180.996] free (_Block=0x1d0520) [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.996] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] malloc (_Size=0x64) returned 0x1d0520 [0180.997] free (_Block=0x1d0520) [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] malloc (_Size=0x64) returned 0x1d0520 [0180.997] free (_Block=0x1d0520) [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] GetCurrentThreadId () returned 0x1130 [0180.997] malloc (_Size=0x64) returned 0x1d0520 [0180.997] free (_Block=0x1d0520) [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] malloc (_Size=0x64) returned 0x1d0520 [0180.998] free (_Block=0x1d0520) [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] malloc (_Size=0x64) returned 0x1d0520 [0180.998] free (_Block=0x1d0520) [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.998] GetCurrentThreadId () returned 0x1130 [0180.999] malloc (_Size=0x64) returned 0x1d0520 [0180.999] free (_Block=0x1d0520) [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] malloc (_Size=0x64) returned 0x1d0520 [0180.999] free (_Block=0x1d0520) [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] malloc (_Size=0x64) returned 0x1d0520 [0180.999] free (_Block=0x1d0520) [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0180.999] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] malloc (_Size=0x64) returned 0x1d0520 [0181.000] free (_Block=0x1d0520) [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] malloc (_Size=0x64) returned 0x1d0520 [0181.000] free (_Block=0x1d0520) [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] malloc (_Size=0x64) returned 0x1d0520 [0181.000] free (_Block=0x1d0520) [0181.000] GetCurrentThreadId () returned 0x1130 [0181.000] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] malloc (_Size=0x64) returned 0x1d0520 [0181.001] free (_Block=0x1d0520) [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] malloc (_Size=0x64) returned 0x1d0520 [0181.001] free (_Block=0x1d0520) [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] GetCurrentThreadId () returned 0x1130 [0181.001] malloc (_Size=0x64) returned 0x1d0520 [0181.001] free (_Block=0x1d0520) [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] malloc (_Size=0x64) returned 0x1d0520 [0181.002] free (_Block=0x1d0520) [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] malloc (_Size=0x64) returned 0x1d0520 [0181.002] free (_Block=0x1d0520) [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] malloc (_Size=0x64) returned 0x1d0520 [0181.002] free (_Block=0x1d0520) [0181.002] GetCurrentThreadId () returned 0x1130 [0181.002] malloc (_Size=0x64) returned 0x1d0520 [0181.003] free (_Block=0x1d0520) [0181.003] GetCurrentThreadId () returned 0x1130 [0181.003] malloc (_Size=0x64) returned 0x1d0520 [0181.003] free (_Block=0x1d0520) [0181.003] GetCurrentThreadId () returned 0x1130 [0181.003] malloc (_Size=0x64) returned 0x1d0520 [0181.003] free (_Block=0x1d0520) [0181.003] GetCurrentThreadId () returned 0x1130 [0181.003] malloc (_Size=0x64) returned 0x1d0520 [0181.003] free (_Block=0x1d0520) [0181.003] GetCurrentThreadId () returned 0x1130 [0181.003] malloc (_Size=0x64) returned 0x1d0520 [0181.003] free (_Block=0x1d0520) [0181.003] GetCurrentThreadId () returned 0x1130 [0181.003] malloc (_Size=0x64) returned 0x1d0520 [0181.004] free (_Block=0x1d0520) [0181.004] GetCurrentThreadId () returned 0x1130 [0181.004] malloc (_Size=0x64) returned 0x1d0520 [0181.004] free (_Block=0x1d0520) [0181.004] GetCurrentThreadId () returned 0x1130 [0181.004] malloc (_Size=0x64) returned 0x1d0520 [0181.004] free (_Block=0x1d0520) [0181.004] GetCurrentThreadId () returned 0x1130 [0181.004] malloc (_Size=0x64) returned 0x1d0520 [0181.004] free (_Block=0x1d0520) [0181.004] GetCurrentThreadId () returned 0x1130 [0181.004] malloc (_Size=0x64) returned 0x1d0520 [0181.004] free (_Block=0x1d0520) [0181.004] GetCurrentThreadId () returned 0x1130 [0181.005] malloc (_Size=0x64) returned 0x1d0520 [0181.005] free (_Block=0x1d0520) [0181.005] GetCurrentThreadId () returned 0x1130 [0181.005] malloc (_Size=0x64) returned 0x1d0520 [0181.005] free (_Block=0x1d0520) [0181.005] malloc (_Size=0x64) returned 0x1d0520 [0181.005] free (_Block=0x1d0520) [0181.005] malloc (_Size=0x60) returned 0x1d0520 [0181.006] free (_Block=0x1d0520) [0181.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x564f [0181.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.099] VirtualAlloc (lpAddress=0x0, dwSize=0x13fff0, flAllocationType=0x1000, flProtect=0x4) returned 0x3920000 [0181.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x564f [0181.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.101] ReadFile (in: hFile=0x404, lpBuffer=0x3a5a8c8, nNumberOfBytesToRead=0x564f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x3a5a8c8*, lpNumberOfBytesRead=0x19fbc8*=0x564f, lpOverlapped=0x0) returned 1 [0181.172] malloc (_Size=0x8c) returned 0x1d1338 [0181.172] malloc (_Size=0xfc) returned 0x1d7470 [0181.174] malloc (_Size=0x40) returned 0x1d14e8 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] malloc (_Size=0x60) returned 0x1d13d0 [0181.174] malloc (_Size=0x40) returned 0x1d0520 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.174] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] malloc (_Size=0xc) returned 0x31e0ad0 [0181.175] malloc (_Size=0x14) returned 0x1d1438 [0181.175] malloc (_Size=0x10) returned 0x31e1c70 [0181.175] malloc (_Size=0xc) returned 0x31e1c28 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] GetCurrentThreadId () returned 0x1130 [0181.175] malloc (_Size=0xa5c) returned 0x31d7080 [0181.176] malloc (_Size=0x40) returned 0x1d7578 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] GetCurrentThreadId () returned 0x1130 [0181.176] malloc (_Size=0xc) returned 0x31e1e20 [0181.176] malloc (_Size=0x720) returned 0x31d2860 [0181.176] malloc (_Size=0xe3c) returned 0x31e40b0 [0181.177] free (_Block=0x31d2860) [0181.177] malloc (_Size=0x15ac) returned 0x31e4ef8 [0181.177] free (_Block=0x31e40b0) [0181.177] malloc (_Size=0x23e4) returned 0x1d9aa8 [0181.178] free (_Block=0x31e4ef8) [0181.178] malloc (_Size=0x3274) returned 0x31e40b0 [0181.178] free (_Block=0x1d9aa8) [0181.178] malloc (_Size=0x4820) returned 0x1d9aa8 [0181.178] free (_Block=0x31e40b0) [0181.178] malloc (_Size=0x64e4) returned 0x31e40b0 [0181.179] free (_Block=0x1d9aa8) [0181.179] malloc (_Size=0x8920) returned 0x31ea5a0 [0181.180] free (_Block=0x31e40b0) [0181.181] GetCurrentThreadId () returned 0x1130 [0181.181] GetCurrentThreadId () returned 0x1130 [0181.181] GetCurrentThreadId () returned 0x1130 [0181.181] GetCurrentThreadId () returned 0x1130 [0181.181] GetCurrentThreadId () returned 0x1130 [0181.181] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] free (_Block=0x31d7080) [0181.182] free (_Block=0x1d14e8) [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.182] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] GetCurrentThreadId () returned 0x1130 [0181.183] free (_Block=0x31ea5a0) [0181.184] free (_Block=0x31e1e20) [0181.184] free (_Block=0x1d7578) [0181.184] WriteFile (in: hFile=0x33c, lpBuffer=0x3a4dc68*, nNumberOfBytesToWrite=0x74f9, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a4dc68*, lpNumberOfBytesWritten=0x19fbbc*=0x74f9, lpOverlapped=0x0) returned 1 [0181.186] free (_Block=0x1d7470) [0181.186] free (_Block=0x1d1338) [0181.186] CloseHandle (hObject=0x33c) returned 1 [0181.188] CloseHandle (hObject=0x404) returned 1 [0181.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.189] SetLastError (dwErrCode=0x0) [0181.189] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", lpFilePart=0x19f9f8*="MasterDescriptor.en-us.xml") returned 0x70 [0181.189] GetLastError () returned 0x0 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.189] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0181.190] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\masterdescriptor.en-us.xml")) returned 1 [0181.192] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x11, wMilliseconds=0x95)) [0181.192] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0181.192] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0181.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0181.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0181.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0181.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0181.193] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0181.194] CloseHandle (hObject=0x404) returned 1 [0181.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0181.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0181.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[o№BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ]", cchWideChar=77, lpMultiByteStr=0x251e148, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDescriptor.en-us.xml]omgp:[o?BcZmR67(KFrf>}R;\\Eg65\\.L{7\\m`8BEKxQ]", lpUsedDefaultChar=0x0) returned 77 [0181.202] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0181.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE=") returned 172 [0181.203] GetCurrentThreadId () returned 0x1130 [0181.203] GetCurrentThreadId () returned 0x1130 [0181.203] GetCurrentThreadId () returned 0x1130 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0181.203] SetLastError (dwErrCode=0x0) [0181.203] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320") returned 0x9f [0181.203] GetLastError () returned 0x0 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0181.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0181.203] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0181.204] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].wannacash ncov v310320")) returned 0x20 [0181.204] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0181.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0181.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0181.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x74f9 [0181.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0181.204] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0181.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0181.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0181.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0181.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3") returned 197 [0181.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0181.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3") returned 197 [0181.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x74f9 [0181.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0181.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3SMKob5MtOgVfgCJoPUqPx+hWBoj0+LJTHgDcD4TT7prlpjhjZlFunpHCU4RP+MrR+Mayud56mQuy3QJhfH17OE8kiAxaQ5tF7dG53Xu3r8RT8HmjVRXt1h1kfA2LuXvA3vjBAyyCsj2uXnv2MEaz29vYy15mafNyWPQTfHtxmE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0181.205] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0181.205] CloseHandle (hObject=0x404) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.207] SetLastError (dwErrCode=0x0) [0181.207] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", lpFilePart=0x19fa34*="MasterDescriptor.en-us.xml") returned 0x70 [0181.207] GetLastError () returned 0x0 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0181.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0181.207] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0181.208] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\masterdescriptor.en-us.xml")) returned 0 [0181.208] GetLastError () returned 0x2 [0181.208] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\masterdescriptor.en-us.xml")) returned 0xffffffff [0181.208] SetLastError (dwErrCode=0x2) [0181.208] GetLastError () returned 0x2 [0181.208] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="\x94ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0181.208] LocalFree (hMem=0x94ee38) returned 0x0 [0181.208] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0181.209] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0181.209] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\stream.x64.en-us.man.dat")) returned 0x20 [0181.210] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=27611631322) returned 1 [0181.277] GetCurrentThreadId () returned 0x1130 [0181.277] GetCurrentThreadId () returned 0x1130 [0181.277] GetCurrentThreadId () returned 0x1130 [0181.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0181.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0181.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5", lpUsedDefaultChar=0x0) returned 33 [0181.278] GetCurrentThreadId () returned 0x1130 [0181.278] GetCurrentThreadId () returned 0x1130 [0181.278] GetCurrentThreadId () returned 0x1130 [0181.278] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\stream.x64.en-us.man.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0181.278] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] malloc (_Size=0x64) returned 0x1d1338 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.279] GetCurrentThreadId () returned 0x1130 [0181.280] GetCurrentThreadId () returned 0x1130 [0181.280] GetCurrentThreadId () returned 0x1130 [0181.280] GetCurrentThreadId () returned 0x1130 [0181.280] free (_Block=0x1d1338) [0181.280] malloc (_Size=0x60) returned 0x1d1338 [0181.280] free (_Block=0x1d1338) [0181.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd77c4 [0181.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.280] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdd0000 [0181.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd77c4 [0181.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0181.302] ReadFile (in: hFile=0x404, lpBuffer=0x7fdd0018, nNumberOfBytesToRead=0xd77c4, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fdd0018*, lpNumberOfBytesRead=0x19fbc8*=0xd77c4, lpOverlapped=0x0) returned 1 [0181.485] malloc (_Size=0x8c) returned 0x1d1338 [0181.485] malloc (_Size=0xfc) returned 0x31d73c0 [0181.485] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fcf0000 [0181.557] malloc (_Size=0x40) returned 0x1d14e8 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] GetCurrentThreadId () returned 0x1130 [0181.557] malloc (_Size=0xa5c) returned 0x1d9aa8 [0181.558] malloc (_Size=0x40) returned 0x1d7470 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] GetCurrentThreadId () returned 0x1130 [0181.558] malloc (_Size=0xc) returned 0x31e1e20 [0181.558] malloc (_Size=0x720) returned 0x31d2860 [0181.558] malloc (_Size=0xe3c) returned 0x1da510 [0181.559] free (_Block=0x31d2860) [0181.559] malloc (_Size=0x15ac) returned 0x1db358 [0181.559] free (_Block=0x1da510) [0181.559] malloc (_Size=0x23e4) returned 0x1dc910 [0181.559] free (_Block=0x1db358) [0181.559] malloc (_Size=0x3274) returned 0x31e40b0 [0181.560] free (_Block=0x1dc910) [0181.560] malloc (_Size=0x4820) returned 0x1da510 [0181.560] free (_Block=0x31e40b0) [0181.561] malloc (_Size=0x64e4) returned 0x31e40b0 [0181.561] free (_Block=0x1da510) [0181.562] malloc (_Size=0x8920) returned 0x31ea5a0 [0181.563] free (_Block=0x31e40b0) [0181.564] malloc (_Size=0xbb90) returned 0x31f2ec8 [0181.565] free (_Block=0x31ea5a0) [0181.566] malloc (_Size=0xfc90) returned 0x31fea60 [0181.567] free (_Block=0x31f2ec8) [0181.569] malloc (_Size=0x1533c) returned 0x31e40b0 [0181.713] free (_Block=0x31fea60) [0181.716] malloc (_Size=0x1c704) returned 0x31f93f8 [0181.720] free (_Block=0x31e40b0) [0181.721] malloc (_Size=0x265c8) returned 0x3215b08 [0181.725] free (_Block=0x31f93f8) [0181.725] malloc (_Size=0x33758) returned 0x323c0d8 [0181.732] free (_Block=0x3215b08) [0181.732] malloc (_Size=0x45104) returned 0x31e40b0 [0181.732] free (_Block=0x323c0d8) [0181.733] malloc (_Size=0x5c874) returned 0x32291c0 [0181.733] free (_Block=0x31e40b0) [0181.734] malloc (_Size=0x7bac8) returned 0x3a60048 [0181.743] free (_Block=0x32291c0) [0181.837] malloc (_Size=0xa5358) returned 0x3c6b020 [0181.849] free (_Block=0x3a60048) [0181.852] malloc (_Size=0xdcbac) returned 0x3d2c020 [0181.869] free (_Block=0x3c6b020) [0181.930] malloc (_Size=0x126be4) returned 0x3e17020 [0181.955] free (_Block=0x3d2c020) [0182.020] VirtualAlloc (lpAddress=0x0, dwSize=0x130000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fbc0000 [0182.048] GetCurrentThreadId () returned 0x1130 [0182.048] GetCurrentThreadId () returned 0x1130 [0182.048] GetCurrentThreadId () returned 0x1130 [0182.048] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] GetCurrentThreadId () returned 0x1130 [0182.049] free (_Block=0x1d9aa8) [0182.056] free (_Block=0x1d14e8) [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.056] GetCurrentThreadId () returned 0x1130 [0182.057] free (_Block=0x3e17020) [0182.107] free (_Block=0x31e1e20) [0182.107] free (_Block=0x1d7470) [0182.107] WriteFile (in: hFile=0x33c, lpBuffer=0x7fbc0018*, nNumberOfBytesToWrite=0x123d01, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fbc0018*, lpNumberOfBytesWritten=0x19fbbc*=0x123d01, lpOverlapped=0x0) returned 1 [0182.145] free (_Block=0x31d73c0) [0182.146] free (_Block=0x1d1338) [0182.146] VirtualFree (lpAddress=0x7fbc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.200] VirtualFree (lpAddress=0x7fcf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.205] VirtualFree (lpAddress=0x7fdd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0182.210] CloseHandle (hObject=0x33c) returned 1 [0182.243] CloseHandle (hObject=0x404) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.243] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.243] SetLastError (dwErrCode=0x0) [0182.243] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", lpFilePart=0x19f9f8*="stream.x64.en-us.man.dat") returned 0x6e [0182.244] GetLastError () returned 0x0 [0182.244] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.244] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.244] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.244] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.244] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0182.244] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\stream.x64.en-us.man.dat")) returned 1 [0182.300] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x12, wMilliseconds=0x106)) [0182.300] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0182.300] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0182.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0182.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0182.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0182.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0182.300] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0182.300] CloseHandle (hObject=0x404) returned 1 [0182.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0182.300] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0182.301] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5]", cchWideChar=71, lpMultiByteStr=0x252c6b0, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[stream.x64.en-us.man.dat]omgp:[\\z_X7ZP.BXT\\kv)RFax5{Kzj6:\\\")bzD5]", lpUsedDefaultChar=0x0) returned 71 [0182.308] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0182.308] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk=") returned 172 [0182.308] GetCurrentThreadId () returned 0x1130 [0182.308] GetCurrentThreadId () returned 0x1130 [0182.308] GetCurrentThreadId () returned 0x1130 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0182.308] SetLastError (dwErrCode=0x0) [0182.308] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320") returned 0x9f [0182.308] GetLastError () returned 0x0 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0182.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0182.308] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0182.309] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].wannacash ncov v310320")) returned 0x20 [0182.309] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [2].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0182.309] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0182.309] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0182.309] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x123d01 [0182.309] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0182.309] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0182.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0182.309] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.310] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0182.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0182.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3") returned 197 [0182.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0182.310] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3") returned 197 [0182.310] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x123d01 [0182.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0182.310] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tSH9qC/x5jSr9aPsAJbB80ljBMpgTgDYR4GMY127WKL/oYk0XngXUp/91nZ+TzI7NZCytw8LE5uydeQ3E1UPNYKWfVOpHQo35JIGwalBgKTNt4lZGQi9LmCreq8Oz3UTfoZEL398jcbvXnQMb7huXRMyq1tYwEfIK8vzPl+FXxk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0182.310] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0182.310] CloseHandle (hObject=0x404) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.337] SetLastError (dwErrCode=0x0) [0182.337] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", lpFilePart=0x19fa34*="stream.x64.en-us.man.dat") returned 0x6e [0182.337] GetLastError () returned 0x0 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0182.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0182.337] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16")) returned 0x10 [0182.338] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\stream.x64.en-us.man.dat")) returned 0 [0182.338] GetLastError () returned 0x2 [0182.338] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\en-us.16\\stream.x64.en-us.man.dat")) returned 0xffffffff [0182.338] SetLastError (dwErrCode=0x2) [0182.338] GetLastError () returned 0x2 [0182.338] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="\x94ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0182.338] LocalFree (hMem=0x94ee38) returned 0x0 [0182.338] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0182.338] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0182.339] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\masterdescriptor.x-none.xml")) returned 0x20 [0182.388] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=27729452866) returned 1 [0182.388] GetCurrentThreadId () returned 0x1130 [0182.389] GetCurrentThreadId () returned 0x1130 [0182.389] GetCurrentThreadId () returned 0x1130 [0182.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0182.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0182.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/$4xVFâ\x84\x964LOGBRet/|pg3sA^|NGPR5ra", lpUsedDefaultChar=0x0) returned 33 [0182.389] GetCurrentThreadId () returned 0x1130 [0182.389] GetCurrentThreadId () returned 0x1130 [0182.389] GetCurrentThreadId () returned 0x1130 [0182.389] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\masterdescriptor.x-none.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0182.389] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] malloc (_Size=0x64) returned 0x1d1338 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] GetCurrentThreadId () returned 0x1130 [0182.390] free (_Block=0x1d1338) [0182.390] malloc (_Size=0x60) returned 0x1d1338 [0182.390] free (_Block=0x1d1338) [0182.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0182.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5211 [0182.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0182.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0182.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5211 [0182.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0182.391] ReadFile (in: hFile=0x404, lpBuffer=0x3a4dc68, nNumberOfBytesToRead=0x5211, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x3a4dc68*, lpNumberOfBytesRead=0x19fbc8*=0x5211, lpOverlapped=0x0) returned 1 [0182.394] malloc (_Size=0x8c) returned 0x1d1338 [0182.394] malloc (_Size=0xfc) returned 0x31d7e10 [0182.394] malloc (_Size=0x40) returned 0x1d14e8 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] malloc (_Size=0xa5c) returned 0x31e40b0 [0182.394] malloc (_Size=0x40) returned 0x1d7470 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.394] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] GetCurrentThreadId () returned 0x1130 [0182.395] malloc (_Size=0xc) returned 0x31e1dc0 [0182.395] malloc (_Size=0x720) returned 0x31d2860 [0182.395] malloc (_Size=0xe3c) returned 0x1d9aa8 [0182.396] free (_Block=0x31d2860) [0182.396] malloc (_Size=0x15ac) returned 0x1da8f0 [0182.396] free (_Block=0x1d9aa8) [0182.396] malloc (_Size=0x23e4) returned 0x1dbea8 [0182.396] free (_Block=0x1da8f0) [0182.396] malloc (_Size=0x3274) returned 0x3a60048 [0182.399] free (_Block=0x1dbea8) [0182.399] malloc (_Size=0x4820) returned 0x1d9aa8 [0182.399] free (_Block=0x3a60048) [0182.401] malloc (_Size=0x64e4) returned 0x3a60048 [0182.403] free (_Block=0x1d9aa8) [0182.405] malloc (_Size=0x8920) returned 0x3a66538 [0182.407] free (_Block=0x3a60048) [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.409] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] free (_Block=0x31e40b0) [0182.410] free (_Block=0x1d14e8) [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.410] GetCurrentThreadId () returned 0x1130 [0182.411] GetCurrentThreadId () returned 0x1130 [0182.411] free (_Block=0x3a66538) [0182.415] free (_Block=0x31e1dc0) [0182.415] free (_Block=0x1d7470) [0182.415] WriteFile (in: hFile=0x33c, lpBuffer=0x3a581c8*, nNumberOfBytesToWrite=0x6f4f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a581c8*, lpNumberOfBytesWritten=0x19fbbc*=0x6f4f, lpOverlapped=0x0) returned 1 [0182.468] free (_Block=0x31d7e10) [0182.468] free (_Block=0x1d1338) [0182.468] CloseHandle (hObject=0x33c) returned 1 [0182.564] CloseHandle (hObject=0x404) returned 1 [0182.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0182.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0182.565] SetLastError (dwErrCode=0x0) [0182.565] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", lpFilePart=0x19f9f8*="MasterDescriptor.x-none.xml") returned 0x72 [0182.565] GetLastError () returned 0x0 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0182.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0182.565] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0182.566] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\masterdescriptor.x-none.xml")) returned 1 [0182.567] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x12, wMilliseconds=0x216)) [0182.567] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0182.568] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0182.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0182.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0182.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0183.165] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0183.165] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0183.166] CloseHandle (hObject=0x404) returned 1 [0183.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0183.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0183.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[/$4xVF№4LOGBRet/|pg3sA^|NGPR5ra]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDescriptor.x-none.xml]omgp:[/$4xVF?4LOGBRet/|pg3sA^|NGPR5ra]", lpUsedDefaultChar=0x0) returned 72 [0183.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0183.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4=") returned 172 [0183.178] GetCurrentThreadId () returned 0x1130 [0183.178] GetCurrentThreadId () returned 0x1130 [0183.178] GetCurrentThreadId () returned 0x1130 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0183.178] SetLastError (dwErrCode=0x0) [0183.178] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320") returned 0xa0 [0183.178] GetLastError () returned 0x0 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0183.178] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0183.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0183.179] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0183.179] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].wannacash ncov v310320")) returned 0x20 [0183.179] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [3].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0183.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0183.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0183.180] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x6f4f [0183.180] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0183.180] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0183.180] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0183.180] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3") returned 197 [0183.180] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0183.180] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3") returned 197 [0183.180] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x6f4f [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0183.180] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SAxxh+YjbL5x/qE1c5uQem8mhwRg5HmlmOx00H2oRWcOC7r0GAU+mOfDWRLGEtlO9c9k6v4UMqmDdZ17qyjp8X1Kn9mhs9+qk1Un3vDN7AAYD5ou6l1JV0IjEoq89q5mZDSo9XnhuKoURd7bBP+jMd0JemspgUmtdH6wtPbvSh4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0183.180] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0183.181] CloseHandle (hObject=0x404) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0183.196] SetLastError (dwErrCode=0x0) [0183.196] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", lpFilePart=0x19fa34*="MasterDescriptor.x-none.xml") returned 0x72 [0183.196] GetLastError () returned 0x0 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0183.196] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0183.197] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0183.197] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\masterdescriptor.x-none.xml")) returned 0 [0183.250] GetLastError () returned 0x2 [0183.250] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\masterdescriptor.x-none.xml")) returned 0xffffffff [0183.251] SetLastError (dwErrCode=0x2) [0183.251] GetLastError () returned 0x2 [0183.251] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="\x94ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0183.251] LocalFree (hMem=0x94ee38) returned 0x0 [0183.251] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0183.251] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0183.252] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\stream.x64.x-none.man.dat")) returned 0x20 [0183.252] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=27815820850) returned 1 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.252] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0183.252] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0183.252] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%", lpUsedDefaultChar=0x0) returned 32 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.252] GetCurrentThreadId () returned 0x1130 [0183.253] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\stream.x64.x-none.man.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0183.253] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0183.253] GetCurrentThreadId () returned 0x1130 [0183.253] GetCurrentThreadId () returned 0x1130 [0183.253] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] malloc (_Size=0x64) returned 0x1d1338 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.254] GetCurrentThreadId () returned 0x1130 [0183.255] GetCurrentThreadId () returned 0x1130 [0183.255] free (_Block=0x1d1338) [0183.255] malloc (_Size=0x60) returned 0x1d1338 [0183.255] free (_Block=0x1d1338) [0183.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0183.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x38480a [0183.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0183.255] VirtualAlloc (lpAddress=0x0, dwSize=0x390000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fb20000 [0183.362] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0183.362] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x38480a [0183.362] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0183.362] ReadFile (in: hFile=0x404, lpBuffer=0x7fb20018, nNumberOfBytesToRead=0x38480a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fb20018*, lpNumberOfBytesRead=0x19fbc8*=0x38480a, lpOverlapped=0x0) returned 1 [0183.554] malloc (_Size=0x8c) returned 0x1d1338 [0183.554] malloc (_Size=0xfc) returned 0x31d7e10 [0183.554] VirtualAlloc (lpAddress=0x0, dwSize=0x390000, flAllocationType=0x101000, flProtect=0x4) returned 0x7f790000 [0183.735] malloc (_Size=0x40) returned 0x1d14e8 [0183.735] GetCurrentThreadId () returned 0x1130 [0183.735] GetCurrentThreadId () returned 0x1130 [0183.735] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] malloc (_Size=0xa5c) returned 0x31e40b0 [0183.736] malloc (_Size=0x40) returned 0x1d7470 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] GetCurrentThreadId () returned 0x1130 [0183.736] malloc (_Size=0xc) returned 0x31e1dc0 [0183.737] malloc (_Size=0x720) returned 0x31d2860 [0183.737] malloc (_Size=0xe3c) returned 0x1d9aa8 [0183.737] free (_Block=0x31d2860) [0183.737] malloc (_Size=0x15ac) returned 0x1da8f0 [0183.737] free (_Block=0x1d9aa8) [0183.737] malloc (_Size=0x23e4) returned 0x1dbea8 [0183.738] free (_Block=0x1da8f0) [0183.738] malloc (_Size=0x3274) returned 0x3a60048 [0183.740] free (_Block=0x1dbea8) [0183.740] malloc (_Size=0x4820) returned 0x1d9aa8 [0183.740] free (_Block=0x3a60048) [0183.741] malloc (_Size=0x64e4) returned 0x3a60048 [0183.743] free (_Block=0x1d9aa8) [0183.978] malloc (_Size=0x8920) returned 0x3a66538 [0183.980] free (_Block=0x3a60048) [0183.982] malloc (_Size=0xbb90) returned 0x3a6ee60 [0183.984] free (_Block=0x3a66538) [0183.987] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0183.988] free (_Block=0x3a6ee60) [0183.991] malloc (_Size=0x1533c) returned 0x3a60048 [0183.992] free (_Block=0x3a7a9f8) [0183.995] malloc (_Size=0x1c704) returned 0x3a75390 [0184.029] free (_Block=0x3a60048) [0184.030] malloc (_Size=0x265c8) returned 0x3a91aa0 [0184.031] free (_Block=0x3a75390) [0184.032] malloc (_Size=0x33758) returned 0x31e4b18 [0184.035] free (_Block=0x3a91aa0) [0184.035] malloc (_Size=0x45104) returned 0x3a60048 [0184.035] free (_Block=0x31e4b18) [0184.035] malloc (_Size=0x5c874) returned 0x31e4b18 [0184.038] free (_Block=0x3a60048) [0184.039] malloc (_Size=0x7bac8) returned 0x3a60048 [0184.040] free (_Block=0x31e4b18) [0184.096] malloc (_Size=0xa5358) returned 0xb55020 [0184.106] free (_Block=0x3a60048) [0184.109] malloc (_Size=0xdcbac) returned 0x3c61020 [0184.122] free (_Block=0xb55020) [0184.128] malloc (_Size=0x126be4) returned 0x3d45020 [0184.193] free (_Block=0x3c61020) [0184.204] malloc (_Size=0x189274) returned 0x3e7b020 [0184.223] free (_Block=0x3d45020) [0184.282] malloc (_Size=0x20c820) returned 0x401a020 [0184.303] free (_Block=0x3e7b020) [0184.365] malloc (_Size=0x2bba3c) returned 0x3c6b020 [0184.399] free (_Block=0x401a020) [0184.466] malloc (_Size=0x3a5058) returned 0x3f3a020 [0184.556] free (_Block=0x3c6b020) [0184.650] malloc (_Size=0x4dc7ac) returned 0x42f0020 [0185.389] free (_Block=0x3f3a020) [0185.555] VirtualAlloc (lpAddress=0x0, dwSize=0x4d0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7f2c0000 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.751] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] free (_Block=0x31e40b0) [0185.752] free (_Block=0x1d14e8) [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.752] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.753] GetCurrentThreadId () returned 0x1130 [0185.754] free (_Block=0x42f0020) [0186.094] free (_Block=0x31e1dc0) [0186.094] free (_Block=0x1d7470) [0186.094] WriteFile (in: hFile=0x33c, lpBuffer=0x7f2c0018*, nNumberOfBytesToWrite=0x4c3704, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7f2c0018*, lpNumberOfBytesWritten=0x19fbbc*=0x4c3704, lpOverlapped=0x0) returned 1 [0186.565] free (_Block=0x31d7e10) [0186.565] free (_Block=0x1d1338) [0186.565] VirtualFree (lpAddress=0x7f2c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0186.797] VirtualFree (lpAddress=0x7f790000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.086] VirtualFree (lpAddress=0x7fb20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0187.322] CloseHandle (hObject=0x33c) returned 1 [0188.090] CloseHandle (hObject=0x404) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.091] SetLastError (dwErrCode=0x0) [0188.091] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", lpFilePart=0x19f9f8*="stream.x64.x-none.man.dat") returned 0x70 [0188.091] GetLastError () returned 0x0 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.091] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0188.091] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\stream.x64.x-none.man.dat")) returned 1 [0188.100] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x18, wMilliseconds=0x3c)) [0188.100] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0188.100] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0188.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0188.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0188.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0188.101] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0188.101] CloseHandle (hObject=0x404) returned 1 [0188.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0188.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0188.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%]", cchWideChar=71, lpMultiByteStr=0x252c6b0, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[stream.x64.x-none.man.dat]omgp:[%{/2j=oVvzPtivs~_.\"8VE=WsC}@%ka%]]", lpUsedDefaultChar=0x0) returned 71 [0188.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0188.108] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds=") returned 172 [0188.108] GetCurrentThreadId () returned 0x1130 [0188.108] GetCurrentThreadId () returned 0x1130 [0188.108] GetCurrentThreadId () returned 0x1130 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.108] SetLastError (dwErrCode=0x0) [0188.108] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320") returned 0xa0 [0188.108] GetLastError () returned 0x0 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.108] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0188.109] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].wannacash ncov v310320")) returned 0x20 [0188.109] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [4].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0188.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0188.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x4c3704 [0188.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0188.109] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.111] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0188.111] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3") returned 197 [0188.111] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0188.111] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3") returned 197 [0188.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x4c3704 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.111] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RhrRPQWfH83sOdPszbf85BGzk+vuLDfeQyDpiSX/M0Im5kasKkbx0jAxUSQ+6C2ASeGk+iMzIxY8qgY+J0C7XNVSLk8dQXpzco3D3eNuLmElgs/Ay5iuPdj8bHiLf9iB4oeeTdmFGUClDH6iCmUtjm0EVv8OqAr1HM7UG7kU6Ds= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.111] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0188.112] CloseHandle (hObject=0x404) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.513] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.514] SetLastError (dwErrCode=0x0) [0188.514] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", lpFilePart=0x19fa34*="stream.x64.x-none.man.dat") returned 0x70 [0188.514] GetLastError () returned 0x0 [0188.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0188.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0188.514] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16")) returned 0x10 [0188.514] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\stream.x64.x-none.man.dat")) returned 0 [0188.514] GetLastError () returned 0x2 [0188.514] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\0D0D4EEB-DC03-4B3F-88DF-959FE1EDE5F4\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\0d0d4eeb-dc03-4b3f-88df-959fe1ede5f4\\x-none.16\\stream.x64.x-none.man.dat")) returned 0xffffffff [0188.514] SetLastError (dwErrCode=0x2) [0188.514] GetLastError () returned 0x2 [0188.514] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0188.514] LocalFree (hMem=0x92fe20) returned 0x0 [0188.514] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0188.515] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0188.515] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\masterdescriptor.en-us.xml")) returned 0x20 [0188.570] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=28347646721) returned 1 [0188.570] GetCurrentThreadId () returned 0x1130 [0188.570] GetCurrentThreadId () returned 0x1130 [0188.570] GetCurrentThreadId () returned 0x1130 [0188.570] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0188.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0188.571] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<", lpUsedDefaultChar=0x0) returned 35 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\masterdescriptor.en-us.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.571] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.571] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] malloc (_Size=0x64) returned 0x1d1338 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] GetCurrentThreadId () returned 0x1130 [0188.572] free (_Block=0x1d1338) [0188.572] malloc (_Size=0x60) returned 0x1d1338 [0188.572] free (_Block=0x1d1338) [0188.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x564f [0188.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.573] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x564f [0188.573] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.573] ReadFile (in: hFile=0x404, lpBuffer=0x3a4dc68, nNumberOfBytesToRead=0x564f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x3a4dc68*, lpNumberOfBytesRead=0x19fbc8*=0x564f, lpOverlapped=0x0) returned 1 [0188.809] malloc (_Size=0x8c) returned 0x1d1338 [0188.809] malloc (_Size=0xfc) returned 0x31d72b8 [0188.809] malloc (_Size=0x40) returned 0x1d14e8 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] malloc (_Size=0xa5c) returned 0x31e40b0 [0188.809] malloc (_Size=0x40) returned 0x1d7470 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.809] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] GetCurrentThreadId () returned 0x1130 [0188.810] malloc (_Size=0xc) returned 0x31e1ca0 [0188.810] malloc (_Size=0x720) returned 0x31d2860 [0188.810] malloc (_Size=0xe3c) returned 0x1d9aa8 [0188.810] free (_Block=0x31d2860) [0188.810] malloc (_Size=0x15ac) returned 0x1da8f0 [0188.810] free (_Block=0x1d9aa8) [0188.810] malloc (_Size=0x23e4) returned 0x1dbea8 [0188.811] free (_Block=0x1da8f0) [0188.811] malloc (_Size=0x3274) returned 0x3a60048 [0188.811] free (_Block=0x1dbea8) [0188.813] malloc (_Size=0x4820) returned 0x1d9aa8 [0188.814] free (_Block=0x3a60048) [0188.817] malloc (_Size=0x64e4) returned 0x3a60048 [0188.819] free (_Block=0x1d9aa8) [0188.820] malloc (_Size=0x8920) returned 0x3a66538 [0188.822] free (_Block=0x3a60048) [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] free (_Block=0x31e40b0) [0188.824] free (_Block=0x1d14e8) [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.824] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] GetCurrentThreadId () returned 0x1130 [0188.825] free (_Block=0x3a66538) [0188.828] free (_Block=0x31e1ca0) [0188.828] free (_Block=0x1d7470) [0188.828] WriteFile (in: hFile=0x33c, lpBuffer=0x3a58ac8*, nNumberOfBytesToWrite=0x74f9, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a58ac8*, lpNumberOfBytesWritten=0x19fbbc*=0x74f9, lpOverlapped=0x0) returned 1 [0188.830] free (_Block=0x31d72b8) [0188.830] free (_Block=0x1d1338) [0188.830] CloseHandle (hObject=0x33c) returned 1 [0188.832] CloseHandle (hObject=0x404) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.832] SetLastError (dwErrCode=0x0) [0188.832] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", lpFilePart=0x19f9f8*="MasterDescriptor.en-us.xml") returned 0x70 [0188.832] GetLastError () returned 0x0 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.832] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0188.833] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\masterdescriptor.en-us.xml")) returned 1 [0188.835] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x18, wMilliseconds=0x31a)) [0188.835] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0188.835] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0188.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0188.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0188.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0188.835] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0188.835] CloseHandle (hObject=0x404) returned 1 [0188.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0188.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0188.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.en-us.xml]omgp:[{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<]", cchWideChar=75, lpMultiByteStr=0x252c6b0, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDescriptor.en-us.xml]omgp:[{1f(S~?5*UG5wv1\\?@VZUqQ>Z\\2stZ&keO<]", lpUsedDefaultChar=0x0) returned 75 [0188.844] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0188.844] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg=") returned 172 [0188.844] GetCurrentThreadId () returned 0x1130 [0188.844] GetCurrentThreadId () returned 0x1130 [0188.845] GetCurrentThreadId () returned 0x1130 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.845] SetLastError (dwErrCode=0x0) [0188.845] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320") returned 0x9f [0188.845] GetLastError () returned 0x0 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0188.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0188.845] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0188.845] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].wannacash ncov v310320")) returned 0x20 [0188.846] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [5].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.846] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0188.846] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0188.846] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x74f9 [0188.846] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0188.846] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0188.846] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.846] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.846] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.846] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0188.846] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3") returned 197 [0188.846] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0188.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3") returned 197 [0188.847] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x74f9 [0188.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0188.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vswRi9Bl4FIqu+KX6Q5qzbJ4K9HUwsSjBO46OImsAFeSWS9Vit2DEUr9oV0ODOyRQjaOWdcQvwVHv4Z4Evumqfy3Pl/M3Kr2RXUDPGpBkb7r10hZjtjU+FZ0g7OdYjKUUey5jI7XyNfN2SZi36tnS16vL8SXeJclouD9LGxqmAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0188.847] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0188.847] CloseHandle (hObject=0x404) returned 1 [0188.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.891] SetLastError (dwErrCode=0x0) [0188.891] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", lpFilePart=0x19fa34*="MasterDescriptor.en-us.xml") returned 0x70 [0188.891] GetLastError () returned 0x0 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=8) returned 1 [0188.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml", cchCount2=4) returned 1 [0188.891] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0188.891] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\masterdescriptor.en-us.xml")) returned 0 [0188.891] GetLastError () returned 0x2 [0188.891] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\masterdescriptor.en-us.xml")) returned 0xffffffff [0188.891] SetLastError (dwErrCode=0x2) [0188.891] GetLastError () returned 0x2 [0188.891] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0188.891] LocalFree (hMem=0x92fe20) returned 0x0 [0188.891] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0188.892] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0188.892] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\stream.x64.en-us.man.dat")) returned 0x20 [0188.893] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=28379888931) returned 1 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0188.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0188.893] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+", lpUsedDefaultChar=0x0) returned 35 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] GetCurrentThreadId () returned 0x1130 [0188.893] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\stream.x64.en-us.man.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0188.893] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] malloc (_Size=0x64) returned 0x1d1338 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] GetCurrentThreadId () returned 0x1130 [0188.894] free (_Block=0x1d1338) [0188.894] malloc (_Size=0x60) returned 0x1d1338 [0188.894] free (_Block=0x1d1338) [0188.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd77c4 [0188.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.895] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdd0000 [0188.913] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.913] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd77c4 [0188.913] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0188.913] ReadFile (in: hFile=0x404, lpBuffer=0x7fdd0018, nNumberOfBytesToRead=0xd77c4, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fdd0018*, lpNumberOfBytesRead=0x19fbc8*=0xd77c4, lpOverlapped=0x0) returned 1 [0189.158] malloc (_Size=0x8c) returned 0x1d1338 [0189.158] malloc (_Size=0xfc) returned 0x31d7e10 [0189.158] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fcf0000 [0189.174] malloc (_Size=0x40) returned 0x1d14e8 [0189.174] GetCurrentThreadId () returned 0x1130 [0189.174] GetCurrentThreadId () returned 0x1130 [0189.174] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] malloc (_Size=0xa5c) returned 0x31e40b0 [0189.175] malloc (_Size=0x40) returned 0x1d7470 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] GetCurrentThreadId () returned 0x1130 [0189.175] malloc (_Size=0xc) returned 0x31e1df0 [0189.175] malloc (_Size=0x720) returned 0x31d2860 [0189.175] malloc (_Size=0xe3c) returned 0x1d9aa8 [0189.176] free (_Block=0x31d2860) [0189.176] malloc (_Size=0x15ac) returned 0x1da8f0 [0189.176] free (_Block=0x1d9aa8) [0189.176] malloc (_Size=0x23e4) returned 0x1dbea8 [0189.176] free (_Block=0x1da8f0) [0189.176] malloc (_Size=0x3274) returned 0x3a60048 [0189.177] free (_Block=0x1dbea8) [0189.177] malloc (_Size=0x4820) returned 0x1d9aa8 [0189.178] free (_Block=0x3a60048) [0189.179] malloc (_Size=0x64e4) returned 0x3a60048 [0189.180] free (_Block=0x1d9aa8) [0189.182] malloc (_Size=0x8920) returned 0x3a66538 [0189.204] free (_Block=0x3a60048) [0189.206] malloc (_Size=0xbb90) returned 0x3a6ee60 [0189.208] free (_Block=0x3a66538) [0189.210] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0189.213] free (_Block=0x3a6ee60) [0189.216] malloc (_Size=0x1533c) returned 0x3a60048 [0189.218] free (_Block=0x3a7a9f8) [0189.222] malloc (_Size=0x1c704) returned 0x3a75390 [0189.225] free (_Block=0x3a60048) [0189.226] malloc (_Size=0x265c8) returned 0x3a91aa0 [0189.228] free (_Block=0x3a75390) [0189.228] malloc (_Size=0x33758) returned 0x31e4b18 [0189.235] free (_Block=0x3a91aa0) [0189.236] malloc (_Size=0x45104) returned 0x3a60048 [0189.236] free (_Block=0x31e4b18) [0189.236] malloc (_Size=0x5c874) returned 0x31e4b18 [0189.239] free (_Block=0x3a60048) [0189.241] malloc (_Size=0x7bac8) returned 0x3a60048 [0189.241] free (_Block=0x31e4b18) [0189.297] malloc (_Size=0xa5358) returned 0xb56020 [0189.306] free (_Block=0x3a60048) [0189.309] malloc (_Size=0xdcbac) returned 0x3c61020 [0189.322] free (_Block=0xb56020) [0189.391] malloc (_Size=0x126be4) returned 0x3d48020 [0189.413] free (_Block=0x3c61020) [0189.482] VirtualAlloc (lpAddress=0x0, dwSize=0x130000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fbc0000 [0189.548] GetCurrentThreadId () returned 0x1130 [0189.548] GetCurrentThreadId () returned 0x1130 [0189.548] GetCurrentThreadId () returned 0x1130 [0189.548] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] free (_Block=0x31e40b0) [0189.549] free (_Block=0x1d14e8) [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.549] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.550] GetCurrentThreadId () returned 0x1130 [0189.553] free (_Block=0x3d48020) [0189.561] free (_Block=0x31e1df0) [0189.561] free (_Block=0x1d7470) [0189.561] WriteFile (in: hFile=0x33c, lpBuffer=0x7fbc0018*, nNumberOfBytesToWrite=0x123d01, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fbc0018*, lpNumberOfBytesWritten=0x19fbbc*=0x123d01, lpOverlapped=0x0) returned 1 [0189.638] free (_Block=0x31d7e10) [0189.638] free (_Block=0x1d1338) [0189.638] VirtualFree (lpAddress=0x7fbc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.648] VirtualFree (lpAddress=0x7fcf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.657] VirtualFree (lpAddress=0x7fdd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0189.662] CloseHandle (hObject=0x33c) returned 1 [0189.821] CloseHandle (hObject=0x404) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.821] SetLastError (dwErrCode=0x0) [0189.822] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", lpFilePart=0x19f9f8*="stream.x64.en-us.man.dat") returned 0x6e [0189.822] GetLastError () returned 0x0 [0189.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.822] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0189.823] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\stream.x64.en-us.man.dat")) returned 1 [0189.832] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x19, wMilliseconds=0x31a)) [0189.833] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0189.833] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0189.833] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0189.833] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0189.833] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0189.833] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0189.833] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0189.833] CloseHandle (hObject=0x404) returned 1 [0189.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[,v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0189.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[,v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0189.834] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.en-us.man.dat]omgp:[,v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+]", cchWideChar=73, lpMultiByteStr=0x252c6b0, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[stream.x64.en-us.man.dat]omgp:[,v(g$qOk\"}w2vz?Jn(+EYv,Q|QA$GEc=D,+]<]", lpUsedDefaultChar=0x0) returned 73 [0189.840] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0189.840] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8=") returned 172 [0189.840] GetCurrentThreadId () returned 0x1130 [0189.840] GetCurrentThreadId () returned 0x1130 [0189.840] GetCurrentThreadId () returned 0x1130 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0189.841] SetLastError (dwErrCode=0x0) [0189.841] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320") returned 0x9f [0189.841] GetLastError () returned 0x0 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0189.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0189.841] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0189.841] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].wannacash ncov v310320")) returned 0x20 [0189.841] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [6].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0189.842] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0189.842] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0189.842] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x123d01 [0189.842] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0189.842] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0189.842] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0189.842] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3") returned 197 [0189.842] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0189.842] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3") returned 197 [0189.842] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x123d01 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0189.842] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iesIS1zb300NKeAPddZGux6Z/uYQf7EDuw4n9R6TbLB3XmPl4/fawiE90fa5o6w12mZBHlX3cT5RhADNVOCRy7HuH0lt7IXLeF7HiV+URah6R2i1Yu1CZ3F2YEHDj1+YP4013SmFYQGgPo0nkt4KQ3HhxEP6e5mQFanupN+YwH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0189.842] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0189.843] CloseHandle (hObject=0x404) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.929] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.929] SetLastError (dwErrCode=0x0) [0189.929] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", lpFilePart=0x19fa34*="stream.x64.en-us.man.dat") returned 0x6e [0189.929] GetLastError () returned 0x0 [0189.930] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.930] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.930] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=8) returned 1 [0189.930] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat", cchCount2=4) returned 1 [0189.930] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16")) returned 0x10 [0189.931] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\stream.x64.en-us.man.dat")) returned 0 [0189.931] GetLastError () returned 0x2 [0189.931] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\en-us.16\\stream.x64.en-us.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\en-us.16\\stream.x64.en-us.man.dat")) returned 0xffffffff [0189.931] SetLastError (dwErrCode=0x2) [0189.931] GetLastError () returned 0x2 [0189.931] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0189.932] LocalFree (hMem=0x92fe20) returned 0x0 [0189.932] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0189.935] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0189.935] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\masterdescriptor.x-none.xml")) returned 0x20 [0189.937] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=28484327932) returned 1 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0189.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0189.939] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl", lpUsedDefaultChar=0x0) returned 47 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.939] GetCurrentThreadId () returned 0x1130 [0189.940] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\masterdescriptor.x-none.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0189.940] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.941] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] malloc (_Size=0x64) returned 0x1d1338 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] GetCurrentThreadId () returned 0x1130 [0189.942] free (_Block=0x1d1338) [0189.942] malloc (_Size=0x60) returned 0x1d1338 [0189.942] free (_Block=0x1d1338) [0189.942] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0189.943] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5211 [0189.943] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0189.943] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0189.943] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5211 [0189.943] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0189.943] ReadFile (in: hFile=0x404, lpBuffer=0x3a4dc68, nNumberOfBytesToRead=0x5211, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x3a4dc68*, lpNumberOfBytesRead=0x19fbc8*=0x5211, lpOverlapped=0x0) returned 1 [0189.961] malloc (_Size=0x8c) returned 0x1d1338 [0189.961] malloc (_Size=0xfc) returned 0x31d7f18 [0189.961] malloc (_Size=0x40) returned 0x1d14e8 [0189.961] GetCurrentThreadId () returned 0x1130 [0189.961] GetCurrentThreadId () returned 0x1130 [0189.961] GetCurrentThreadId () returned 0x1130 [0189.961] GetCurrentThreadId () returned 0x1130 [0189.961] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] malloc (_Size=0xa5c) returned 0x31e40b0 [0189.962] malloc (_Size=0x40) returned 0x1d7470 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.962] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] GetCurrentThreadId () returned 0x1130 [0189.963] malloc (_Size=0xc) returned 0x31e1df0 [0189.963] malloc (_Size=0x720) returned 0x31d2860 [0189.963] malloc (_Size=0xe3c) returned 0x1d9aa8 [0189.964] free (_Block=0x31d2860) [0189.965] malloc (_Size=0x15ac) returned 0x1da8f0 [0189.965] free (_Block=0x1d9aa8) [0189.965] malloc (_Size=0x23e4) returned 0x1dbea8 [0189.965] free (_Block=0x1da8f0) [0189.965] malloc (_Size=0x3274) returned 0x3a60048 [0189.965] free (_Block=0x1dbea8) [0189.971] malloc (_Size=0x4820) returned 0x1d9aa8 [0189.972] free (_Block=0x3a60048) [0189.977] malloc (_Size=0x64e4) returned 0x3a60048 [0190.005] free (_Block=0x1d9aa8) [0190.007] malloc (_Size=0x8920) returned 0x3a66538 [0190.009] free (_Block=0x3a60048) [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] GetCurrentThreadId () returned 0x1130 [0190.135] free (_Block=0x31e40b0) [0190.135] free (_Block=0x1d14e8) [0190.135] GetCurrentThreadId () returned 0x1130 [0190.136] GetCurrentThreadId () returned 0x1130 [0190.136] GetCurrentThreadId () returned 0x1130 [0190.136] GetCurrentThreadId () returned 0x1130 [0190.136] GetCurrentThreadId () returned 0x1130 [0190.136] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] GetCurrentThreadId () returned 0x1130 [0190.137] free (_Block=0x3a66538) [0190.141] free (_Block=0x31e1df0) [0190.141] free (_Block=0x1d7470) [0190.141] WriteFile (in: hFile=0x33c, lpBuffer=0x3a581c8*, nNumberOfBytesToWrite=0x6f4f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a581c8*, lpNumberOfBytesWritten=0x19fbbc*=0x6f4f, lpOverlapped=0x0) returned 1 [0190.143] free (_Block=0x31d7f18) [0190.143] free (_Block=0x1d1338) [0190.143] CloseHandle (hObject=0x33c) returned 1 [0190.145] CloseHandle (hObject=0x404) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.145] SetLastError (dwErrCode=0x0) [0190.145] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", lpFilePart=0x19f9f8*="MasterDescriptor.x-none.xml") returned 0x72 [0190.145] GetLastError () returned 0x0 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.145] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0190.146] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\masterdescriptor.x-none.xml")) returned 1 [0190.147] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x1a, wMilliseconds=0x6a)) [0190.147] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0190.147] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0190.148] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0190.148] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0190.148] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0190.148] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0190.148] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0190.148] CloseHandle (hObject=0x404) returned 1 [0190.148] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl]", cchWideChar=88, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 88 [0190.148] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl]", cchWideChar=88, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 88 [0190.148] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDescriptor.x-none.xml]omgp:[J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl]", cchWideChar=88, lpMultiByteStr=0x253b0b0, cbMultiByte=88, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDescriptor.x-none.xml]omgp:[J?.(EO5|oi){-u.bOCi\"Y?/EOq)-c&_Y^s5M2jDm+$@;9Yl]", lpUsedDefaultChar=0x0) returned 88 [0190.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0190.158] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8=") returned 172 [0190.158] GetCurrentThreadId () returned 0x1130 [0190.158] GetCurrentThreadId () returned 0x1130 [0190.158] GetCurrentThreadId () returned 0x1130 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0190.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0190.158] SetLastError (dwErrCode=0x0) [0190.158] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320") returned 0xa0 [0190.158] GetLastError () returned 0x0 [0190.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0190.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0190.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0190.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0190.159] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0190.159] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].wannacash ncov v310320")) returned 0x20 [0190.159] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [7].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0190.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0190.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0190.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x6f4f [0190.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0190.160] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0190.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.160] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0190.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0190.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0190.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3") returned 197 [0190.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0190.161] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3") returned 197 [0190.161] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x6f4f [0190.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0190.161] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JRBy4+AB9N2RpoiBge5fWpGqMrxMU583ODDl6yo2b2wAdrlJqX0aER1R7mk6XCHZJwqNS+keeWep+NfWBCbDljRGSZAql/dUbnENG86jhaeWFOIzLdtqO7Uu78sPC7VQZe28XckolC6e8tl4vlZvv91Y3LJgFqOlDuqTyMCSty8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0190.161] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0190.161] CloseHandle (hObject=0x404) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.163] SetLastError (dwErrCode=0x0) [0190.163] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", lpFilePart=0x19fa34*="MasterDescriptor.x-none.xml") returned 0x72 [0190.163] GetLastError () returned 0x0 [0190.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=8) returned 1 [0190.164] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml", cchCount2=4) returned 1 [0190.164] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0190.164] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\masterdescriptor.x-none.xml")) returned 0 [0190.164] GetLastError () returned 0x2 [0190.164] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\MasterDescriptor.x-none.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\masterdescriptor.x-none.xml")) returned 0xffffffff [0190.164] SetLastError (dwErrCode=0x2) [0190.164] GetLastError () returned 0x2 [0190.164] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0190.164] LocalFree (hMem=0x92fe20) returned 0x0 [0190.164] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0190.165] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0190.165] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\stream.x64.x-none.man.dat")) returned 0x20 [0190.165] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=28507156717) returned 1 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0190.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0190.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO", cchWideChar=40, lpMultiByteStr=0x2524fd0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO", lpUsedDefaultChar=0x0) returned 40 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] GetCurrentThreadId () returned 0x1130 [0190.166] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\stream.x64.x-none.man.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0190.166] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x33c [0190.220] GetCurrentThreadId () returned 0x1130 [0190.220] GetCurrentThreadId () returned 0x1130 [0190.220] GetCurrentThreadId () returned 0x1130 [0190.220] GetCurrentThreadId () returned 0x1130 [0190.220] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] malloc (_Size=0x64) returned 0x1d1338 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.221] GetCurrentThreadId () returned 0x1130 [0190.222] free (_Block=0x1d1338) [0190.222] malloc (_Size=0x60) returned 0x1d1338 [0190.222] free (_Block=0x1d1338) [0190.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0190.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x38480a [0190.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0190.222] VirtualAlloc (lpAddress=0x0, dwSize=0x390000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fb20000 [0190.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0190.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x38480a [0190.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0190.478] ReadFile (in: hFile=0x404, lpBuffer=0x7fb20018, nNumberOfBytesToRead=0x38480a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fb20018*, lpNumberOfBytesRead=0x19fbc8*=0x38480a, lpOverlapped=0x0) returned 1 [0191.288] malloc (_Size=0x8c) returned 0x1d1338 [0191.289] malloc (_Size=0xfc) returned 0x31d7f18 [0191.289] VirtualAlloc (lpAddress=0x0, dwSize=0x390000, flAllocationType=0x101000, flProtect=0x4) returned 0x7f790000 [0191.510] malloc (_Size=0x40) returned 0x1d14e8 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.511] GetCurrentThreadId () returned 0x1130 [0191.516] malloc (_Size=0xa5c) returned 0x31e40b0 [0191.516] malloc (_Size=0x40) returned 0x1d7470 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.516] GetCurrentThreadId () returned 0x1130 [0191.517] GetCurrentThreadId () returned 0x1130 [0191.517] malloc (_Size=0xc) returned 0x31e1e50 [0191.517] malloc (_Size=0x720) returned 0x31d2860 [0191.517] malloc (_Size=0xe3c) returned 0x1d9aa8 [0191.517] free (_Block=0x31d2860) [0191.517] malloc (_Size=0x15ac) returned 0x1da8f0 [0191.518] free (_Block=0x1d9aa8) [0191.518] malloc (_Size=0x23e4) returned 0x1dbea8 [0191.518] free (_Block=0x1da8f0) [0191.518] malloc (_Size=0x3274) returned 0x3a60048 [0191.521] free (_Block=0x1dbea8) [0191.521] malloc (_Size=0x4820) returned 0x1d9aa8 [0191.521] free (_Block=0x3a60048) [0191.523] malloc (_Size=0x64e4) returned 0x3a60048 [0191.578] free (_Block=0x1d9aa8) [0191.580] malloc (_Size=0x8920) returned 0x3a66538 [0191.582] free (_Block=0x3a60048) [0191.584] malloc (_Size=0xbb90) returned 0x3a6ee60 [0191.587] free (_Block=0x3a66538) [0191.589] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0191.592] free (_Block=0x3a6ee60) [0191.594] malloc (_Size=0x1533c) returned 0x3a60048 [0191.596] free (_Block=0x3a7a9f8) [0191.599] malloc (_Size=0x1c704) returned 0x3a75390 [0191.603] free (_Block=0x3a60048) [0191.604] malloc (_Size=0x265c8) returned 0x3a91aa0 [0191.606] free (_Block=0x3a75390) [0191.606] malloc (_Size=0x33758) returned 0x31e4b18 [0191.610] free (_Block=0x3a91aa0) [0191.611] malloc (_Size=0x45104) returned 0x3a60048 [0191.611] free (_Block=0x31e4b18) [0191.611] malloc (_Size=0x5c874) returned 0x31e4b18 [0191.614] free (_Block=0x3a60048) [0191.616] malloc (_Size=0x7bac8) returned 0x3a60048 [0191.616] free (_Block=0x31e4b18) [0191.677] malloc (_Size=0xa5358) returned 0x3c6b020 [0191.688] free (_Block=0x3a60048) [0191.692] malloc (_Size=0xdcbac) returned 0x3d2c020 [0191.707] free (_Block=0x3c6b020) [0191.715] malloc (_Size=0x126be4) returned 0x3e1f020 [0191.808] free (_Block=0x3d2c020) [0191.818] malloc (_Size=0x189274) returned 0x3c65020 [0191.900] free (_Block=0x3e1f020) [0191.916] malloc (_Size=0x20c820) returned 0x3df4020 [0192.226] free (_Block=0x3c65020) [0192.307] malloc (_Size=0x2bba3c) returned 0x4014020 [0192.409] free (_Block=0x3df4020) [0192.433] malloc (_Size=0x3a5058) returned 0x3c66020 [0192.606] free (_Block=0x4014020) [0192.840] malloc (_Size=0x4dc7ac) returned 0x401f020 [0193.385] free (_Block=0x3c66020) [0193.505] VirtualAlloc (lpAddress=0x0, dwSize=0x4d0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7f2c0000 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.292] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] free (_Block=0x31e40b0) [0194.293] free (_Block=0x1d14e8) [0194.293] GetCurrentThreadId () returned 0x1130 [0194.293] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.294] GetCurrentThreadId () returned 0x1130 [0194.302] free (_Block=0x401f020) [0194.502] free (_Block=0x31e1e50) [0194.503] free (_Block=0x1d7470) [0194.503] WriteFile (in: hFile=0x33c, lpBuffer=0x7f2c0018*, nNumberOfBytesToWrite=0x4c3704, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7f2c0018*, lpNumberOfBytesWritten=0x19fbbc*=0x4c3704, lpOverlapped=0x0) returned 1 [0195.851] free (_Block=0x31d7f18) [0195.851] free (_Block=0x1d1338) [0195.852] VirtualFree (lpAddress=0x7f2c0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.935] VirtualFree (lpAddress=0x7f790000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.959] VirtualFree (lpAddress=0x7fb20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0196.083] CloseHandle (hObject=0x33c) returned 1 [0197.109] CloseHandle (hObject=0x404) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.110] SetLastError (dwErrCode=0x0) [0197.110] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", lpFilePart=0x19f9f8*="stream.x64.x-none.man.dat") returned 0x70 [0197.111] GetLastError () returned 0x0 [0197.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.111] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0197.113] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\stream.x64.x-none.man.dat")) returned 1 [0197.122] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x29, wSecond=0x21, wMilliseconds=0x53)) [0197.122] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0197.123] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0197.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0197.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0197.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0197.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0197.123] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0197.124] CloseHandle (hObject=0x404) returned 1 [0197.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[.k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0197.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[.k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0197.124] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[stream.x64.x-none.man.dat]omgp:[.k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO]", cchWideChar=79, lpMultiByteStr=0x251e0e8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[stream.x64.x-none.man.dat]omgp:[.k,Hy.(8m!lBxJy,HIP(L\"Xd9v|^Mr})pr/\"b6uO]", lpUsedDefaultChar=0x0) returned 79 [0197.138] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0197.138] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo=") returned 172 [0197.138] GetCurrentThreadId () returned 0x1130 [0197.140] GetCurrentThreadId () returned 0x1130 [0197.140] GetCurrentThreadId () returned 0x1130 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0197.140] SetLastError (dwErrCode=0x0) [0197.140] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320") returned 0xa0 [0197.140] GetLastError () returned 0x0 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0197.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0197.141] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0197.141] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].wannacash ncov v310320")) returned 0x20 [0197.141] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\Файл зашифрован. Пиши. Почта clubnika@elude.in [8].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0197.141] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0197.141] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0197.141] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x4c3704 [0197.141] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0197.141] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0197.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.142] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0197.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.142] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0197.142] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0197.142] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3") returned 197 [0197.142] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0197.143] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3") returned 197 [0197.143] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x4c3704 [0197.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0197.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BiVza2gEohF5EQyZEXSXogb9Qa9xEqI92Q0f+MUBxIQPlDr5TdSD4iEtFeyjdhf6BM8OZDNmY6woKpvf3N7SkONE3ihJt394RmEgQYOgf6JdhE0BHYYfiVLjo9ZhtMnJO6vurC1xV9wCs5+ereJ5AJNqnoY9QR4RhI3CEJryDBo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0197.143] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0197.143] CloseHandle (hObject=0x404) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.956] SetLastError (dwErrCode=0x0) [0197.956] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", lpFilePart=0x19fa34*="stream.x64.x-none.man.dat") returned 0x70 [0197.957] GetLastError () returned 0x0 [0197.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=8) returned 1 [0197.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat", cchCount2=4) returned 1 [0197.957] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16")) returned 0x10 [0197.957] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\stream.x64.x-none.man.dat")) returned 0 [0197.957] GetLastError () returned 0x2 [0197.957] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\19B11135-37BD-4FA1-A78E-C20CA2BDA1C0\\x-none.16\\stream.x64.x-none.man.dat" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\19b11135-37bd-4fa1-a78e-c20ca2bda1c0\\x-none.16\\stream.x64.x-none.man.dat")) returned 0xffffffff [0197.957] SetLastError (dwErrCode=0x2) [0197.957] GetLastError () returned 0x2 [0197.957] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0197.958] LocalFree (hMem=0x92fe20) returned 0x0 [0197.958] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0197.959] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0197.959] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\201EB7DF-C721-4B8B-9C81-A09DE7F931E6\\en-us.16\\MasterDescriptor.en-us.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\201eb7df-c721-4b8b-9c81-a09de7f931e6\\en-us.16\\masterdescriptor.en-us.xml")) returned 0x20 [0197.960] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=29286653131) returned 1 [0197.960] GetCurrentThreadId () returned 0x1130 [0197.960] GetCurrentThreadId () returned 0x1130 [0197.961] GetCurrentThreadId () returned 0x1130 [0197.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№|@oTTmPbf-№RLc%5>C{=~uTN7\\V%CI", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0235.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="r4Q2№w5#\"E\">TmPbf-№RLc%5>C{=~uTN7\\V%CI", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0235.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="r4Q2№w5#\"E\">TmPbf-№RLc%5>C{=~uTN7\\V%CI", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="r4Q2â\x84\x96w5#\"E\">TmPbf-â\x84\x96RLc%5>C{=~uTN7\\V%CI", lpUsedDefaultChar=0x0) returned 42 [0235.639] GetCurrentThreadId () returned 0x1130 [0235.639] GetCurrentThreadId () returned 0x1130 [0235.639] GetCurrentThreadId () returned 0x1130 [0235.639] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\microsoft_office_officetelemetryagentlogon2016.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.640] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] GetCurrentThreadId () returned 0x1130 [0235.640] malloc (_Size=0x64) returned 0x1d1338 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] GetCurrentThreadId () returned 0x1130 [0235.641] free (_Block=0x1d1338) [0235.641] malloc (_Size=0x60) returned 0x1d1338 [0235.641] free (_Block=0x1d1338) [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xca6 [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xca6 [0235.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.641] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xca6, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xca6, lpOverlapped=0x0) returned 1 [0235.643] malloc (_Size=0x8c) returned 0x1d1338 [0235.643] malloc (_Size=0xfc) returned 0x31d79f0 [0235.643] malloc (_Size=0x40) returned 0x1d14e8 [0235.643] GetCurrentThreadId () returned 0x1130 [0235.643] GetCurrentThreadId () returned 0x1130 [0235.643] GetCurrentThreadId () returned 0x1130 [0235.643] GetCurrentThreadId () returned 0x1130 [0235.643] GetCurrentThreadId () returned 0x1130 [0235.707] GetCurrentThreadId () returned 0x1130 [0235.707] GetCurrentThreadId () returned 0x1130 [0235.707] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] malloc (_Size=0xa5c) returned 0x31e40b0 [0235.708] malloc (_Size=0x40) returned 0x1d7470 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] GetCurrentThreadId () returned 0x1130 [0235.708] malloc (_Size=0xc) returned 0x31e1ca0 [0235.708] malloc (_Size=0x720) returned 0x31d2860 [0235.708] malloc (_Size=0xe3c) returned 0x1d9aa8 [0235.709] free (_Block=0x31d2860) [0235.709] malloc (_Size=0x15ac) returned 0x1da8f0 [0235.709] free (_Block=0x1d9aa8) [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.709] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] free (_Block=0x31e40b0) [0235.710] free (_Block=0x1d14e8) [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] GetCurrentThreadId () returned 0x1130 [0235.710] free (_Block=0x1da8f0) [0235.710] free (_Block=0x31e1ca0) [0235.710] free (_Block=0x1d7470) [0235.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1144, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1144, lpOverlapped=0x0) returned 1 [0235.712] free (_Block=0x31d79f0) [0235.712] free (_Block=0x1d1338) [0235.712] CloseHandle (hObject=0x2b4) returned 1 [0235.712] CloseHandle (hObject=0x404) returned 1 [0235.712] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.712] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.713] SetLastError (dwErrCode=0x0) [0235.713] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", lpFilePart=0x19f9f8*="Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml") returned 0x81 [0235.713] GetLastError () returned 0x0 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.713] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.713] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}")) returned 0x10 [0235.713] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\microsoft_office_officetelemetryagentlogon2016.xml")) returned 1 [0235.714] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xb, wMilliseconds=0x2a5)) [0235.714] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0235.714] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0235.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0235.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0235.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0235.715] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0235.715] CloseHandle (hObject=0x404) returned 1 [0235.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml]omgp:[r4Q2№w5#\"E\">TmPbf-№RLc%5>C{=~uTN7\\V%CI]", cchWideChar=102, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 102 [0235.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml]omgp:[r4Q2№w5#\"E\">TmPbf-№RLc%5>C{=~uTN7\\V%CI]", cchWideChar=102, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 102 [0235.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml]omgp:[r4Q2№w5#\"E\">TmPbf-№RLc%5>C{=~uTN7\\V%CI]", cchWideChar=102, lpMultiByteStr=0x2494798, cbMultiByte=102, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml]omgp:[r4Q2?w5#\"E\">TmPbf-?RLc%5>C{=~uTN7\\V%CI]", lpUsedDefaultChar=0x0) returned 102 [0235.726] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0235.726] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww=") returned 172 [0235.726] GetCurrentThreadId () returned 0x1130 [0235.726] GetCurrentThreadId () returned 0x1130 [0235.726] GetCurrentThreadId () returned 0x1130 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0235.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0235.727] SetLastError (dwErrCode=0x0) [0235.727] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320") returned 0x99 [0235.727] GetLastError () returned 0x0 [0235.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0235.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0235.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0235.727] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0235.727] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}")) returned 0x10 [0235.727] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].wannacash ncov v310320")) returned 0x20 [0235.727] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [68].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.728] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0235.728] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0235.728] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1144 [0235.728] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0235.728] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0235.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0235.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.728] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0235.728] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0235.728] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3") returned 197 [0235.728] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0235.728] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3") returned 197 [0235.728] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1144 [0235.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0235.729] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:B8CUb1RPjXMjNiHVUeaCkbN4aEoTRSmLys5C8YRaNfdx0HX0wpHCAZk7hqu292CfL/weER5DYNhVQh2X8PJ4waovfttQoASjQNkUiSQy5h6CcfRaONQ9dUWwYiNLcCC2IQ4NE7UHg/Z9imEZ4sNBz2EgazTqeD1cpBJFlNE+dww= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0235.729] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0235.729] CloseHandle (hObject=0x404) returned 1 [0235.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.730] SetLastError (dwErrCode=0x0) [0235.730] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", lpFilePart=0x19fa34*="Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml") returned 0x81 [0235.730] GetLastError () returned 0x0 [0235.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=8) returned 1 [0235.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml", cchCount2=4) returned 1 [0235.730] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}")) returned 0x10 [0235.730] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\microsoft_office_officetelemetryagentlogon2016.xml")) returned 0 [0235.730] GetLastError () returned 0x2 [0235.730] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\ClickToRun\\{9AC08E99-230B-47e8-9721-4577B7F124EA}\\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml" (normalized: "c:\\users\\all users\\microsoft\\clicktorun\\{9ac08e99-230b-47e8-9721-4577b7f124ea}\\microsoft_office_officetelemetryagentlogon2016.xml")) returned 0xffffffff [0235.730] SetLastError (dwErrCode=0x2) [0235.730] GetLastError () returned 0x2 [0235.730] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0235.730] LocalFree (hMem=0x92fe20) returned 0x0 [0235.730] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0235.731] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0235.731] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0235.736] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33064258610) returned 1 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=e8@>c!BMFN~Z*I3E({/yLQ3?Q!l+uzoyMH}-cw73/d?d?7", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0235.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=e8@>c!BMFN~Z*I3E({/yLQ3?Q!l+uzoyMH}-cw73/d?d?7", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0235.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=e8@>c!BMFN~Z*I3E({/yLQ3?Q!l+uzoyMH}-cw73/d?d?7", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=e8@>c!BMFN~Z*I3E({/yLQ3?Q!l+uzoyMH}-cw73/d?d?7", lpUsedDefaultChar=0x0) returned 47 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] GetCurrentThreadId () returned 0x1130 [0235.737] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.737] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [69].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [69].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] GetCurrentThreadId () returned 0x1130 [0235.738] malloc (_Size=0x64) returned 0x1d1338 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] GetCurrentThreadId () returned 0x1130 [0235.739] free (_Block=0x1d1338) [0235.739] malloc (_Size=0x60) returned 0x1d1338 [0235.739] free (_Block=0x1d1338) [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1fad1 [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1fad1 [0235.739] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.739] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1fad1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1fad1, lpOverlapped=0x0) returned 1 [0235.742] malloc (_Size=0x8c) returned 0x1d1338 [0235.742] malloc (_Size=0xfc) returned 0x31d76d8 [0235.742] malloc (_Size=0x40) returned 0x1d14e8 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.742] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] malloc (_Size=0xa5c) returned 0x31e40b0 [0235.743] malloc (_Size=0x40) returned 0x1d7470 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] GetCurrentThreadId () returned 0x1130 [0235.743] malloc (_Size=0xc) returned 0x31e1d18 [0235.743] malloc (_Size=0x720) returned 0x31d2860 [0235.743] malloc (_Size=0xe3c) returned 0x1d9aa8 [0235.743] free (_Block=0x31d2860) [0235.743] malloc (_Size=0x15ac) returned 0x1da8f0 [0235.743] free (_Block=0x1d9aa8) [0235.743] malloc (_Size=0x23e4) returned 0x1dbea8 [0235.743] free (_Block=0x1da8f0) [0235.744] malloc (_Size=0x3274) returned 0x3a60048 [0235.744] free (_Block=0x1dbea8) [0235.744] malloc (_Size=0x4820) returned 0x1d9aa8 [0235.744] free (_Block=0x3a60048) [0235.744] malloc (_Size=0x64e4) returned 0x3a60048 [0235.744] free (_Block=0x1d9aa8) [0235.745] malloc (_Size=0x8920) returned 0x3a66538 [0235.745] free (_Block=0x3a60048) [0235.745] malloc (_Size=0xbb90) returned 0x3a6ee60 [0235.746] free (_Block=0x3a66538) [0235.746] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0235.746] free (_Block=0x3a6ee60) [0235.747] malloc (_Size=0x1533c) returned 0x3a60048 [0235.748] free (_Block=0x3a7a9f8) [0235.748] malloc (_Size=0x1c704) returned 0x3a75390 [0235.748] free (_Block=0x3a60048) [0235.749] malloc (_Size=0x265c8) returned 0x3a91aa0 [0235.750] free (_Block=0x3a75390) [0235.750] malloc (_Size=0x33758) returned 0x31e4b18 [0235.752] free (_Block=0x3a91aa0) [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] free (_Block=0x31e40b0) [0235.754] free (_Block=0x1d14e8) [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.754] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] GetCurrentThreadId () returned 0x1130 [0235.755] free (_Block=0x31e4b18) [0235.755] free (_Block=0x31e1d18) [0235.755] free (_Block=0x1d7470) [0235.755] WriteFile (in: hFile=0x2b4, lpBuffer=0x39f5e08*, nNumberOfBytesToWrite=0x2ae7c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39f5e08*, lpNumberOfBytesWritten=0x19fbbc*=0x2ae7c, lpOverlapped=0x0) returned 1 [0235.759] free (_Block=0x31d76d8) [0235.759] free (_Block=0x1d1338) [0235.759] CloseHandle (hObject=0x2b4) returned 1 [0235.759] CloseHandle (hObject=0x404) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=8) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=4) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=8) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=4) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=8) returned 1 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=4) returned 1 [0235.759] SetLastError (dwErrCode=0x0) [0235.759] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x19f9f8*="background.png") returned 0x66 [0235.759] GetLastError () returned 0x0 [0235.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=8) returned 1 [0235.760] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=4) returned 1 [0235.760] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=8) returned 1 [0235.760] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", cchCount2=4) returned 1 [0235.760] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}")) returned 0x10 [0235.760] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0 [0235.760] GetLastError () returned 0x5 [0235.760] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png")) returned 0x20 [0235.760] SetLastError (dwErrCode=0x5) [0235.760] GetLastError () returned 0x5 [0235.760] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0235.760] LocalFree (hMem=0x950ce0) returned 0x0 [0235.761] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0235.761] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0235.761] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0x20 [0235.761] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33066759687) returned 1 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"kw^?cxFy&(@U87T+eZ_pw&R1", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0235.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"kw^?cxFy&(@U87T+eZ_pw&R1", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0235.762] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"kw^?cxFy&(@U87T+eZ_pw&R1", cchWideChar=25, lpMultiByteStr=0x2508420, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"kw^?cxFy&(@U87T+eZ_pw&R1", lpUsedDefaultChar=0x0) returned 25 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] GetCurrentThreadId () returned 0x1130 [0235.762] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.762] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [70].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [70].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] malloc (_Size=0x64) returned 0x1d1338 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] GetCurrentThreadId () returned 0x1130 [0235.763] free (_Block=0x1d1338) [0235.763] malloc (_Size=0x60) returned 0x1d1338 [0235.763] free (_Block=0x1d1338) [0235.763] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb61 [0235.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb61 [0235.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.764] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xb61, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xb61, lpOverlapped=0x0) returned 1 [0235.781] malloc (_Size=0x8c) returned 0x1d1338 [0235.781] malloc (_Size=0xfc) returned 0x31d74c8 [0235.781] malloc (_Size=0x40) returned 0x1d14e8 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.781] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] malloc (_Size=0xa5c) returned 0x1d9aa8 [0235.782] malloc (_Size=0x40) returned 0x1d7470 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.782] GetCurrentThreadId () returned 0x1130 [0235.783] malloc (_Size=0xc) returned 0x31e1dc0 [0235.783] malloc (_Size=0x720) returned 0x31d2860 [0235.783] malloc (_Size=0xe3c) returned 0x1da510 [0235.783] free (_Block=0x31d2860) [0235.783] malloc (_Size=0x14a8) returned 0x1db358 [0235.783] free (_Block=0x1da510) [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.783] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] free (_Block=0x1d9aa8) [0235.784] free (_Block=0x1d14e8) [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.784] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.785] GetCurrentThreadId () returned 0x1130 [0235.787] GetCurrentThreadId () returned 0x1130 [0235.787] GetCurrentThreadId () returned 0x1130 [0235.787] GetCurrentThreadId () returned 0x1130 [0235.787] free (_Block=0x1db358) [0235.789] free (_Block=0x31e1dc0) [0235.789] free (_Block=0x1d7470) [0235.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b73d8*, nNumberOfBytesToWrite=0xf96, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b73d8*, lpNumberOfBytesWritten=0x19fbbc*=0xf96, lpOverlapped=0x0) returned 1 [0235.790] free (_Block=0x31d74c8) [0235.790] free (_Block=0x1d1338) [0235.790] CloseHandle (hObject=0x2b4) returned 1 [0235.791] CloseHandle (hObject=0x404) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=8) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=4) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=8) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=4) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=8) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=4) returned 1 [0235.791] SetLastError (dwErrCode=0x0) [0235.791] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", lpFilePart=0x19f9f8*="behavior.xml") returned 0x64 [0235.791] GetLastError () returned 0x0 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=8) returned 1 [0235.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=4) returned 1 [0235.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=8) returned 1 [0235.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml", cchCount2=4) returned 1 [0235.792] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}")) returned 0x10 [0235.792] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0 [0235.792] GetLastError () returned 0x5 [0235.792] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\behavior.xml")) returned 0x20 [0235.792] SetLastError (dwErrCode=0x5) [0235.792] GetLastError () returned 0x5 [0235.792] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="๠\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0235.792] LocalFree (hMem=0x950e60) returned 0x0 [0235.793] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0235.793] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0235.793] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0235.805] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33071114412) returned 1 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w1Eu№jt8KrL\\sbuvb.l;.aJa\"uJhz9d?`s8}OAIa!HDUHR;", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0235.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w1Eu№jt8KrL\\sbuvb.l;.aJa\"uJhz9d?`s8}OAIa!HDUHR;", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0235.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w1Eu№jt8KrL\\sbuvb.l;.aJa\"uJhz9d?`s8}OAIa!HDUHR;", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="w1Euâ\x84\x96jt8KrL\\sbuvb.l;.aJa\"uJhz9d?`s8}OAIa!HDUHR;", lpUsedDefaultChar=0x0) returned 49 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] GetCurrentThreadId () returned 0x1130 [0235.805] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0235.806] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [71].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [71].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.811] GetCurrentThreadId () returned 0x1130 [0235.812] malloc (_Size=0x64) returned 0x1d1338 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] GetCurrentThreadId () returned 0x1130 [0235.812] free (_Block=0x1d1338) [0235.812] malloc (_Size=0x60) returned 0x1d1338 [0235.812] free (_Block=0x1d1338) [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xadc8 [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xadc8 [0235.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0235.812] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xadc8, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xadc8, lpOverlapped=0x0) returned 1 [0235.818] malloc (_Size=0x8c) returned 0x1d1338 [0235.818] malloc (_Size=0xfc) returned 0x31d72b8 [0235.818] malloc (_Size=0x40) returned 0x1d14e8 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] GetCurrentThreadId () returned 0x1130 [0235.818] malloc (_Size=0xa5c) returned 0x1d9aa8 [0235.819] malloc (_Size=0x40) returned 0x1d7470 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.819] GetCurrentThreadId () returned 0x1130 [0235.820] malloc (_Size=0xc) returned 0x31e1dc0 [0235.820] malloc (_Size=0x720) returned 0x31d2860 [0235.820] malloc (_Size=0xe3c) returned 0x1da510 [0235.820] free (_Block=0x31d2860) [0235.820] malloc (_Size=0x15ac) returned 0x1db358 [0235.820] free (_Block=0x1da510) [0235.820] malloc (_Size=0x23e4) returned 0x1dc910 [0235.820] free (_Block=0x1db358) [0235.820] malloc (_Size=0x3274) returned 0x31e40b0 [0235.821] free (_Block=0x1dc910) [0235.821] malloc (_Size=0x4820) returned 0x1da510 [0235.821] free (_Block=0x31e40b0) [0235.821] malloc (_Size=0x64e4) returned 0x31e40b0 [0235.821] free (_Block=0x1da510) [0235.822] malloc (_Size=0x8920) returned 0x31ea5a0 [0235.822] free (_Block=0x31e40b0) [0235.823] malloc (_Size=0xbb90) returned 0x31f2ec8 [0235.824] free (_Block=0x31ea5a0) [0235.825] malloc (_Size=0xfc90) returned 0x31fea60 [0235.825] free (_Block=0x31f2ec8) [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] GetCurrentThreadId () returned 0x1130 [0235.826] free (_Block=0x1d9aa8) [0235.827] free (_Block=0x1d14e8) [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.827] GetCurrentThreadId () returned 0x1130 [0235.828] free (_Block=0x31fea60) [0235.828] free (_Block=0x31e1dc0) [0235.828] free (_Block=0x1d7470) [0235.828] WriteFile (in: hFile=0x2b4, lpBuffer=0x39cc408*, nNumberOfBytesToWrite=0xeb78, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39cc408*, lpNumberOfBytesWritten=0x19fbbc*=0xeb78, lpOverlapped=0x0) returned 1 [0235.830] free (_Block=0x31d72b8) [0235.830] free (_Block=0x1d1338) [0235.830] CloseHandle (hObject=0x2b4) returned 1 [0235.831] CloseHandle (hObject=0x404) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=8) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=4) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=8) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=4) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=8) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=4) returned 1 [0235.831] SetLastError (dwErrCode=0x0) [0235.831] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", lpFilePart=0x19f9f8*="device.png") returned 0x62 [0235.831] GetLastError () returned 0x0 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=8) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=4) returned 1 [0235.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=8) returned 1 [0235.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png", cchCount2=4) returned 1 [0235.832] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}")) returned 0x10 [0235.832] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0 [0235.832] GetLastError () returned 0x5 [0235.832] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\device.png")) returned 0x20 [0235.832] SetLastError (dwErrCode=0x5) [0235.832] GetLastError () returned 0x5 [0235.832] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0235.832] LocalFree (hMem=0x950bf0) returned 0x0 [0235.833] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0235.833] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0235.834] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png")) returned 0x20 [0235.838] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33074402182) returned 1 [0235.838] GetCurrentThreadId () returned 0x1130 [0235.838] GetCurrentThreadId () returned 0x1130 [0235.838] GetCurrentThreadId () returned 0x1130 [0235.838] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N\"oEAcfVxf\"O|e3U+.lHOFOm5j?74zRqP№uzu", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0236.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yh9GB\\SN~k8kB9^/Z.iEN\"X\"UBpxA>P№uzu", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0236.263] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Yh9GB\\SN~k8kB9^/Z.iEN\"X\"UBpxA>P№uzu", cchWideChar=35, lpMultiByteStr=0x2525040, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Yh9GB\\SN~k8kB9^/Z.iEN\"X\"UBpxA>Pâ\x84\x96uzudJ-6Mh\"©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 37 [0236.263] GetCurrentThreadId () returned 0x1130 [0236.263] GetCurrentThreadId () returned 0x1130 [0236.263] GetCurrentThreadId () returned 0x1130 [0236.263] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.263] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", nBufferLength=0x104, lpBuffer=0x19f9d0, lpFilePart=0x19f9cc | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", lpFilePart=0x19f9cc*="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml") returned 0x60 [0236.263] GetLastError () returned 0x5 [0236.263] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbe0, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰨ\x19恜Kﰸ\x19您Kﰨ\x19ﲸ\x19㬨ɏ⠁Ɇ") returned 0x13 [0236.263] LocalFree (hMem=0x9509e0) returned 0x0 [0236.263] LoadStringW (in: hInstance=0x400000, uID=0xff8f, lpBuffer=0x19db9c, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0236.263] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbd0) [0236.264] RtlUnwind (TargetFrame=0x19fc38, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.264] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0236.264] SetLastError (dwErrCode=0x0) [0236.264] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", nBufferLength=0x104, lpBuffer=0x19e46c, lpFilePart=0x19e468 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", lpFilePart=0x19e468*="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml") returned 0x60 [0236.264] GetLastError () returned 0x0 [0236.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0236.265] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0236.265] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=8) returned 1 [0236.265] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml", cchCount2=4) returned 1 [0236.265] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding")) returned 0x14 [0236.301] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_show.xml")) returned 1 [0236.302] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml")) returned 0x20 [0236.302] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33120859503) returned 1 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u|H-@c{P3I^$o*uUG2/`^(g.8:{n#L1nw8V\"|^Dl", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0236.303] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u|H-@c{P3I^$o*uUG2/`^(g.8:{n#L1nw8V\"|^Dl", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0236.303] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u|H-@c{P3I^$o*uUG2/`^(g.8:{n#L1nw8V\"|^Dl", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="u|H-@c{P3I^$o*uUG2/`^(g.8:{n#L1nw8V\"|^Dl6Mh\"©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 40 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] GetCurrentThreadId () returned 0x1130 [0236.303] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.303] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", nBufferLength=0x104, lpBuffer=0x19f9d0, lpFilePart=0x19f9cc | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", lpFilePart=0x19f9cc*="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml") returned 0x64 [0236.303] GetLastError () returned 0x5 [0236.303] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbe0, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰨ\x19恜Kﰸ\x19您Kﰨ\x19ﲸ\x19㬨ɏ⤁Ɇ") returned 0x13 [0236.303] LocalFree (hMem=0x950b30) returned 0x0 [0236.303] LoadStringW (in: hInstance=0x400000, uID=0xff8f, lpBuffer=0x19db9c, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0236.303] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbd0) [0236.304] RtlUnwind (TargetFrame=0x19fc38, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.304] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0236.304] SetLastError (dwErrCode=0x0) [0236.304] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", nBufferLength=0x104, lpBuffer=0x19e46c, lpFilePart=0x19e468 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", lpFilePart=0x19e468*="e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml") returned 0x64 [0236.304] GetLastError () returned 0x0 [0236.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0236.305] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0236.305] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=8) returned 1 [0236.305] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml", cchCount2=4) returned 1 [0236.305] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding")) returned 0x14 [0236.305] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e80c855c-d75c-47b1-9ae4-f07f8c6c613d_withdraw.xml")) returned 1 [0236.306] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml")) returned 0x20 [0236.306] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33121190661) returned 1 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="y(#/*z:№nS31SH=1)55okx?!K№%7\\nAi1Xu9^>Jl\\*d3*I`ab", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0236.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="y(#/*z:№nS31SH=1)55okx?!K№%7\\nAi1Xu9^>Jl\\*d3*I`ab", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0236.306] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="y(#/*z:№nS31SH=1)55okx?!K№%7\\nAi1Xu9^>Jl\\*d3*I`ab", cchWideChar=49, lpMultiByteStr=0x25169f8, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="y(#/*z:â\x84\x96nS31SH=1)55okx?!Kâ\x84\x96%7\\nAi1Xu9^>Jl\\*d3*I`ab", lpUsedDefaultChar=0x0) returned 53 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] GetCurrentThreadId () returned 0x1130 [0236.306] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0236.306] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", nBufferLength=0x104, lpBuffer=0x19f9d0, lpFilePart=0x19f9cc | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", lpFilePart=0x19f9cc*="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml") returned 0x60 [0236.306] GetLastError () returned 0x5 [0236.306] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbe0, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95ﰨ\x19恜Kﰸ\x19您Kﰨ\x19ﲸ\x19㭘ɏ⨁Ɇ") returned 0x13 [0236.306] LocalFree (hMem=0x950e00) returned 0x0 [0236.306] LoadStringW (in: hInstance=0x400000, uID=0xff8f, lpBuffer=0x19db9c, cchBufferMax=4096 | out: lpBuffer="Cannot open file \"%s\". %s") returned 0x19 [0236.307] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbd0) [0236.307] RtlUnwind (TargetFrame=0x19fc38, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.307] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19eff0, ReturnValue=0x0) [0236.307] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0236.307] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0236.307] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0236.307] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0236.307] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0236.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0236.308] SetLastError (dwErrCode=0x0) [0236.308] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", nBufferLength=0x104, lpBuffer=0x19e46c, lpFilePart=0x19e468 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", lpFilePart=0x19e468*="e9d21752-8fc9-4793-b42e-33105b078a51_show.xml") returned 0x60 [0236.308] GetLastError () returned 0x0 [0236.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0236.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0236.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=8) returned 1 [0236.308] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml", cchCount2=4) returned 1 [0236.308] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding")) returned 0x14 [0236.308] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e9d21752-8fc9-4793-b42e-33105b078a51_show.xml")) returned 1 [0236.309] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Diagnosis\\SoftLanding\\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml" (normalized: "c:\\users\\all users\\microsoft\\diagnosis\\softlanding\\e9d21752-8fc9-4793-b42e-33105b078a51_withdraw.xml")) returned 0x20 [0236.439] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33134526132) returned 1 [0236.439] GetCurrentThreadId () returned 0x1130 [0236.439] GetCurrentThreadId () returned 0x1130 [0236.439] GetCurrentThreadId () returned 0x1130 [0236.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="eC%Xh8jutYMfcxiu5iE8BpmKO,g}V:,&^ld)/C&UvTU~=3", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0237.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0237.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="â\x84\x96x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3", lpUsedDefaultChar=0x0) returned 33 [0237.069] GetCurrentThreadId () returned 0x1130 [0237.069] GetCurrentThreadId () returned 0x1130 [0237.069] GetCurrentThreadId () returned 0x1130 [0237.069] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.070] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] malloc (_Size=0x64) returned 0x1d1338 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.072] GetCurrentThreadId () returned 0x1130 [0237.073] GetCurrentThreadId () returned 0x1130 [0237.073] GetCurrentThreadId () returned 0x1130 [0237.073] GetCurrentThreadId () returned 0x1130 [0237.073] free (_Block=0x1d1338) [0237.073] malloc (_Size=0x60) returned 0x1d1338 [0237.073] free (_Block=0x1d1338) [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x59f [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x59f [0237.073] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.073] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x59f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x59f, lpOverlapped=0x0) returned 1 [0237.086] malloc (_Size=0x8c) returned 0x1d1338 [0237.086] malloc (_Size=0xfc) returned 0x31d71b0 [0237.086] malloc (_Size=0x40) returned 0x1d14e8 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.086] GetCurrentThreadId () returned 0x1130 [0237.087] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.087] malloc (_Size=0x40) returned 0x1d7470 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] malloc (_Size=0xc) returned 0x31e1ec8 [0237.087] malloc (_Size=0x720) returned 0x31d2860 [0237.087] malloc (_Size=0xa2c) returned 0x1da510 [0237.087] free (_Block=0x31d2860) [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.087] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] free (_Block=0x1d9aa8) [0237.088] free (_Block=0x1d14e8) [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.088] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] GetCurrentThreadId () returned 0x1130 [0237.089] free (_Block=0x1da510) [0237.089] free (_Block=0x31e1ec8) [0237.089] free (_Block=0x1d7470) [0237.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x7b7, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x7b7, lpOverlapped=0x0) returned 1 [0237.090] free (_Block=0x31d71b0) [0237.090] free (_Block=0x1d1338) [0237.090] CloseHandle (hObject=0x2b4) returned 1 [0237.091] CloseHandle (hObject=0x404) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.091] SetLastError (dwErrCode=0x0) [0237.091] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0237.091] GetLastError () returned 0x0 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.091] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.091] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.092] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml")) returned 1 [0237.093] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x32)) [0237.093] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.093] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.093] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.093] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.093] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.094] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.094] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.094] CloseHandle (hObject=0x404) returned 1 [0237.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[№x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0237.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[№x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0237.094] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[№x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3]", cchWideChar=63, lpMultiByteStr=0x2541d78, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[?x{R\"2>mKO,g}V:,&^ld)/C&UvTU~=3]", lpUsedDefaultChar=0x0) returned 63 [0237.103] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.103] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc=") returned 172 [0237.104] GetCurrentThreadId () returned 0x1130 [0237.104] GetCurrentThreadId () returned 0x1130 [0237.104] GetCurrentThreadId () returned 0x1130 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.104] SetLastError (dwErrCode=0x0) [0237.104] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320") returned 0x9c [0237.104] GetLastError () returned 0x0 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.104] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.104] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].wannacash ncov v310320")) returned 0x20 [0237.105] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [116].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x7b7 [0237.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.105] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3") returned 197 [0237.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3") returned 197 [0237.106] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x7b7 [0237.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o2bzi8tRRvNBCkS6ttnGs6ZKVCjqplAYtlbC2Bh68PTMWVPScx4+r73W/rULNVHra2kVuuZGaMYq8Vh64Kwu41Xknx4piy7XZQOBUOHHk7J2avJ5FAQ/OJnlFqbv68D8IOOqWJSKFXkBmQHw4iwfUWPSoGoZ56JbdxQgtbYiFWc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.106] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.106] CloseHandle (hObject=0x404) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.106] SetLastError (dwErrCode=0x0) [0237.106] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0237.106] GetLastError () returned 0x0 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=8) returned 1 [0237.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml", cchCount2=4) returned 1 [0237.107] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.107] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml")) returned 0 [0237.107] GetLastError () returned 0x2 [0237.107] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\customizations.xml")) returned 0xffffffff [0237.107] SetLastError (dwErrCode=0x2) [0237.107] GetLastError () returned 0x2 [0237.107] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.107] LocalFree (hMem=0x92fe20) returned 0x0 [0237.107] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.108] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.108] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\masterdatastore.xml")) returned 0x20 [0237.108] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33201436401) returned 1 [0237.108] GetCurrentThreadId () returned 0x1130 [0237.108] GetCurrentThreadId () returned 0x1130 [0237.108] GetCurrentThreadId () returned 0x1130 [0237.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0237.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0237.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1", lpUsedDefaultChar=0x0) returned 39 [0237.108] GetCurrentThreadId () returned 0x1130 [0237.108] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.109] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] GetCurrentThreadId () returned 0x1130 [0237.109] malloc (_Size=0x64) returned 0x1d1338 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] GetCurrentThreadId () returned 0x1130 [0237.110] free (_Block=0x1d1338) [0237.110] malloc (_Size=0x60) returned 0x1d1338 [0237.110] free (_Block=0x1d1338) [0237.110] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.110] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.110] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.110] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.110] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.111] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0237.112] malloc (_Size=0x8c) returned 0x1d1338 [0237.112] malloc (_Size=0xfc) returned 0x31d7c00 [0237.112] malloc (_Size=0x40) returned 0x1d14e8 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.112] malloc (_Size=0x40) returned 0x1d7470 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.112] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] malloc (_Size=0xc) returned 0x31e1d18 [0237.113] malloc (_Size=0x20c) returned 0x31d2860 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] free (_Block=0x1d9aa8) [0237.113] free (_Block=0x1d14e8) [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.113] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] GetCurrentThreadId () returned 0x1130 [0237.114] free (_Block=0x31d2860) [0237.114] free (_Block=0x31e1d18) [0237.114] free (_Block=0x1d7470) [0237.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x2455ed8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2455ed8*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.115] free (_Block=0x31d7c00) [0237.115] free (_Block=0x1d1338) [0237.115] CloseHandle (hObject=0x2b4) returned 1 [0237.116] CloseHandle (hObject=0x404) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.116] SetLastError (dwErrCode=0x0) [0237.116] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0237.116] GetLastError () returned 0x0 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.116] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.117] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\masterdatastore.xml")) returned 1 [0237.118] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x51)) [0237.118] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.118] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.118] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.118] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.118] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.119] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.119] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.119] CloseHandle (hObject=0x404) returned 1 [0237.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0237.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0237.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[c5q1qbgf?a}(C4JNK>>~PqM+a4!aZb(c@$L79W1]", lpUsedDefaultChar=0x0) returned 72 [0237.134] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.134] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY=") returned 172 [0237.134] GetCurrentThreadId () returned 0x1130 [0237.134] GetCurrentThreadId () returned 0x1130 [0237.134] GetCurrentThreadId () returned 0x1130 [0237.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.134] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.135] SetLastError (dwErrCode=0x0) [0237.135] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320") returned 0x9c [0237.135] GetLastError () returned 0x0 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.135] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.135] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.135] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].wannacash ncov v310320")) returned 0x20 [0237.136] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [117].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.136] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.136] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.136] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.137] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3") returned 197 [0237.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.137] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3") returned 197 [0237.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.137] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZYo0/I2FTRHxqZxl3/3JHZ0jU55gFJZAqtpH7/vns/vRH9qkGzMUWLxrJmDhXn2Ihu84+OnTzJLtLey6BWUcv76WYoigDMa82P5rDkXpGsV2x9bIjt45bJSsTbte8XtsT8g5axvaSiIX8ZyzTUs/HM101fybp7acLC18j3DUPgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.137] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.140] CloseHandle (hObject=0x404) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.141] SetLastError (dwErrCode=0x0) [0237.141] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0237.141] GetLastError () returned 0x0 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.141] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.141] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}")) returned 0x10 [0237.142] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\masterdatastore.xml")) returned 0 [0237.142] GetLastError () returned 0x2 [0237.142] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\masterdatastore.xml")) returned 0xffffffff [0237.142] SetLastError (dwErrCode=0x2) [0237.142] GetLastError () returned 0x2 [0237.142] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.142] LocalFree (hMem=0x92fe20) returned 0x0 [0237.142] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.143] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.143] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\runtime.xml")) returned 0x20 [0237.143] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33204932758) returned 1 [0237.143] GetCurrentThreadId () returned 0x1130 [0237.143] GetCurrentThreadId () returned 0x1130 [0237.143] GetCurrentThreadId () returned 0x1130 [0237.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0237.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0237.143] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4", lpUsedDefaultChar=0x0) returned 30 [0237.143] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.144] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.144] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] malloc (_Size=0x64) returned 0x1d1338 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] GetCurrentThreadId () returned 0x1130 [0237.145] free (_Block=0x1d1338) [0237.145] malloc (_Size=0x60) returned 0x1d1338 [0237.145] free (_Block=0x1d1338) [0237.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xfb [0237.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xfb [0237.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.146] ReadFile (in: hFile=0x404, lpBuffer=0x24380d8, nNumberOfBytesToRead=0xfb, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24380d8*, lpNumberOfBytesRead=0x19fbc8*=0xfb, lpOverlapped=0x0) returned 1 [0237.147] malloc (_Size=0x8c) returned 0x1d1338 [0237.147] malloc (_Size=0xfc) returned 0x31d73c0 [0237.147] malloc (_Size=0x40) returned 0x1d14e8 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.147] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.148] malloc (_Size=0x40) returned 0x1d7470 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] malloc (_Size=0xc) returned 0x31e1d18 [0237.148] malloc (_Size=0x1b4) returned 0x1d74b8 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.148] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] free (_Block=0x1d9aa8) [0237.149] free (_Block=0x1d14e8) [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.149] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] GetCurrentThreadId () returned 0x1130 [0237.150] free (_Block=0x1d74b8) [0237.150] free (_Block=0x31e1d18) [0237.150] free (_Block=0x1d7470) [0237.150] WriteFile (in: hFile=0x2b4, lpBuffer=0x248e2b8*, nNumberOfBytesToWrite=0x172, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x248e2b8*, lpNumberOfBytesWritten=0x19fbbc*=0x172, lpOverlapped=0x0) returned 1 [0237.152] free (_Block=0x31d73c0) [0237.152] free (_Block=0x1d1338) [0237.152] CloseHandle (hObject=0x2b4) returned 1 [0237.152] CloseHandle (hObject=0x404) returned 1 [0237.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.153] SetLastError (dwErrCode=0x0) [0237.153] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.153] GetLastError () returned 0x0 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.153] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov")) returned 0x10 [0237.161] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\runtime.xml")) returned 1 [0237.163] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x80)) [0237.163] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.163] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.163] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.163] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.163] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.163] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.163] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.163] CloseHandle (hObject=0x404) returned 1 [0237.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0237.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0237.164] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4]", cchWideChar=55, lpMultiByteStr=0x2516b18, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[M9=Hd,w:kWFcpb7J?F-Y=Vmxh#f4t4]", lpUsedDefaultChar=0x0) returned 55 [0237.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.177] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA=") returned 172 [0237.177] GetCurrentThreadId () returned 0x1130 [0237.177] GetCurrentThreadId () returned 0x1130 [0237.177] GetCurrentThreadId () returned 0x1130 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.177] SetLastError (dwErrCode=0x0) [0237.177] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320") returned 0xa1 [0237.177] GetLastError () returned 0x0 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.177] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.177] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov")) returned 0x10 [0237.178] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].wannacash ncov v310320")) returned 0x20 [0237.178] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [118].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.178] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.178] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.178] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x172 [0237.178] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.178] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.179] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.179] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3") returned 197 [0237.179] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.179] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3") returned 197 [0237.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x172 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.179] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1rTTymvTpKCQDyWPnD4eAluGDk3i9EFAW4hVaJXK9BHMX7lKT0+WAR464U3ghLMjGjJxV8+TRbDGMH1Do5C64+OGtCYS8uw8+xCKMOkfqKmgpfWSSJw1wSZygo81ao3FxohSBX/TY2s7FSYkfyNNabW8wXIdaQUscoqnWimdtlA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.179] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.192] CloseHandle (hObject=0x404) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.192] SetLastError (dwErrCode=0x0) [0237.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.192] GetLastError () returned 0x0 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov")) returned 0x10 [0237.193] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\runtime.xml")) returned 0 [0237.193] GetLastError () returned 0x2 [0237.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\\prov\\runtime.xml")) returned 0xffffffff [0237.193] SetLastError (dwErrCode=0x2) [0237.193] GetLastError () returned 0x2 [0237.193] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.193] LocalFree (hMem=0x92fe20) returned 0x0 [0237.193] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.194] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.194] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml")) returned 0x20 [0237.195] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33210134358) returned 1 [0237.195] GetCurrentThreadId () returned 0x1130 [0237.195] GetCurrentThreadId () returned 0x1130 [0237.195] GetCurrentThreadId () returned 0x1130 [0237.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0237.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0237.195] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH", cchWideChar=41, lpMultiByteStr=0x2525040, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH", lpUsedDefaultChar=0x0) returned 41 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.196] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.196] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] malloc (_Size=0x64) returned 0x1d1338 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] GetCurrentThreadId () returned 0x1130 [0237.197] free (_Block=0x1d1338) [0237.197] malloc (_Size=0x60) returned 0x1d1338 [0237.197] free (_Block=0x1d1338) [0237.197] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1144 [0237.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1144 [0237.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.198] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0x1144, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0x1144, lpOverlapped=0x0) returned 1 [0237.200] malloc (_Size=0x8c) returned 0x1d1338 [0237.200] malloc (_Size=0xfc) returned 0x31d70a8 [0237.200] malloc (_Size=0x40) returned 0x1d14e8 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.200] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.201] malloc (_Size=0x40) returned 0x1d7470 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] GetCurrentThreadId () returned 0x1130 [0237.201] malloc (_Size=0xc) returned 0x31e1dc0 [0237.201] malloc (_Size=0x720) returned 0x31d2860 [0237.201] malloc (_Size=0xe3c) returned 0x1da510 [0237.201] free (_Block=0x31d2860) [0237.201] malloc (_Size=0x15ac) returned 0x1db358 [0237.202] free (_Block=0x1da510) [0237.202] malloc (_Size=0x1f28) returned 0x1dc910 [0237.202] free (_Block=0x1db358) [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] GetCurrentThreadId () returned 0x1130 [0237.202] free (_Block=0x1d9aa8) [0237.202] free (_Block=0x1d14e8) [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] GetCurrentThreadId () returned 0x1130 [0237.203] free (_Block=0x1dc910) [0237.204] free (_Block=0x31e1dc0) [0237.204] free (_Block=0x1d7470) [0237.204] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b79d8*, nNumberOfBytesToWrite=0x1789, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b79d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1789, lpOverlapped=0x0) returned 1 [0237.206] free (_Block=0x31d70a8) [0237.206] free (_Block=0x1d1338) [0237.206] CloseHandle (hObject=0x2b4) returned 1 [0237.206] CloseHandle (hObject=0x404) returned 1 [0237.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.207] SetLastError (dwErrCode=0x0) [0237.207] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0237.207] GetLastError () returned 0x0 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.207] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.208] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml")) returned 1 [0237.209] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0xaf)) [0237.209] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.209] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.210] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.210] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.210] CloseHandle (hObject=0x404) returned 1 [0237.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0237.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0237.210] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH]", cchWideChar=73, lpMultiByteStr=0x252c6b0, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[$g`u~GZ{LXm%qEAi@T7,u~eZZ<%(asO9t;g(aeRaH]", lpUsedDefaultChar=0x0) returned 73 [0237.219] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.219] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA=") returned 172 [0237.219] GetCurrentThreadId () returned 0x1130 [0237.219] GetCurrentThreadId () returned 0x1130 [0237.219] GetCurrentThreadId () returned 0x1130 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.219] SetLastError (dwErrCode=0x0) [0237.219] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320") returned 0x9c [0237.219] GetLastError () returned 0x0 [0237.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.221] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.221] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].wannacash ncov v310320")) returned 0x20 [0237.222] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [119].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1789 [0237.222] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.222] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.222] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.223] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3") returned 197 [0237.223] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.223] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3") returned 197 [0237.223] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1789 [0237.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.223] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sgsSYkLKHeWKLRuuNw9Jd9pf6xOQb04mVtE/waziNmkcKVbBO3L/L7R0ofK6LF2o7p6VdGMiBb1e0nazsso5FF7w+Dn4gLvp8awtQHrMyvEDkF5m2vQxix/y7w8q8zy240YtV4IrNcWElRmc4hN4cYP7Vcohz2+bHYQREq6nFmA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.223] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.223] CloseHandle (hObject=0x404) returned 1 [0237.223] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.223] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.223] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.223] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.223] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.224] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.224] SetLastError (dwErrCode=0x0) [0237.224] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0237.224] GetLastError () returned 0x0 [0237.224] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.224] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.224] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=8) returned 1 [0237.224] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml", cchCount2=4) returned 1 [0237.224] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.224] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml")) returned 0 [0237.224] GetLastError () returned 0x2 [0237.224] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\customizations.xml")) returned 0xffffffff [0237.224] SetLastError (dwErrCode=0x2) [0237.224] GetLastError () returned 0x2 [0237.224] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.224] LocalFree (hMem=0x92fe20) returned 0x0 [0237.224] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.225] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.225] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\masterdatastore.xml")) returned 0x20 [0237.225] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33213147269) returned 1 [0237.225] GetCurrentThreadId () returned 0x1130 [0237.225] GetCurrentThreadId () returned 0x1130 [0237.225] GetCurrentThreadId () returned 0x1130 [0237.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0237.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0237.226] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9â\x84\x96Awtv3=`eCx8}3}", lpUsedDefaultChar=0x0) returned 48 [0237.226] GetCurrentThreadId () returned 0x1130 [0237.226] GetCurrentThreadId () returned 0x1130 [0237.226] GetCurrentThreadId () returned 0x1130 [0237.226] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.226] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] malloc (_Size=0x64) returned 0x1d1338 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] GetCurrentThreadId () returned 0x1130 [0237.227] free (_Block=0x1d1338) [0237.228] malloc (_Size=0x60) returned 0x1d1338 [0237.228] free (_Block=0x1d1338) [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.228] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.228] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0237.232] malloc (_Size=0x8c) returned 0x1d1338 [0237.232] malloc (_Size=0xfc) returned 0x31d71b0 [0237.232] malloc (_Size=0x40) returned 0x1d14e8 [0237.232] GetCurrentThreadId () returned 0x1130 [0237.232] GetCurrentThreadId () returned 0x1130 [0237.232] GetCurrentThreadId () returned 0x1130 [0237.232] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.233] malloc (_Size=0x40) returned 0x1d7470 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.233] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] malloc (_Size=0xc) returned 0x31e1ca0 [0237.234] malloc (_Size=0x20c) returned 0x31d2860 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.234] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] free (_Block=0x1d9aa8) [0237.235] free (_Block=0x1d14e8) [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.235] GetCurrentThreadId () returned 0x1130 [0237.236] GetCurrentThreadId () returned 0x1130 [0237.236] GetCurrentThreadId () returned 0x1130 [0237.236] GetCurrentThreadId () returned 0x1130 [0237.236] GetCurrentThreadId () returned 0x1130 [0237.236] GetCurrentThreadId () returned 0x1130 [0237.236] free (_Block=0x31d2860) [0237.236] free (_Block=0x31e1ca0) [0237.236] free (_Block=0x1d7470) [0237.236] WriteFile (in: hFile=0x2b4, lpBuffer=0x2456078*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2456078*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.237] free (_Block=0x31d71b0) [0237.238] free (_Block=0x1d1338) [0237.238] CloseHandle (hObject=0x2b4) returned 1 [0237.238] CloseHandle (hObject=0x404) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.238] SetLastError (dwErrCode=0x0) [0237.238] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0237.238] GetLastError () returned 0x0 [0237.238] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.239] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.239] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.239] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.239] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.239] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\masterdatastore.xml")) returned 1 [0237.240] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0xce)) [0237.240] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.240] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.240] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.241] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.241] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.241] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.241] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.241] CloseHandle (hObject=0x404) returned 1 [0237.241] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0237.241] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0237.241] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9№Awtv3=`eCx8}3}]", cchWideChar=79, lpMultiByteStr=0x251e0e8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[bGu>\"%i-gV}FHt1mu2bR2b&H|7~^sS9?Awtv3=`eCx8}3}]", lpUsedDefaultChar=0x0) returned 79 [0237.250] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.250] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik=") returned 172 [0237.250] GetCurrentThreadId () returned 0x1130 [0237.250] GetCurrentThreadId () returned 0x1130 [0237.250] GetCurrentThreadId () returned 0x1130 [0237.250] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.250] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.250] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.250] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.250] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.251] SetLastError (dwErrCode=0x0) [0237.251] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320") returned 0x9c [0237.251] GetLastError () returned 0x0 [0237.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.254] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.254] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.254] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].wannacash ncov v310320")) returned 0x20 [0237.254] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [120].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.255] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.255] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.255] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3") returned 197 [0237.255] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.255] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3") returned 197 [0237.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7tDEQ5eZWobhDpFtkDIDO0QvSx3ifawAktBkiknlBGw0wMfAVAD4IcwQgB6QWbcrNyjxf9UgSnCRKkKkeHasKtRQgCWK4RINmf4DUEdKztjiua+ZeJMFwjyEak7F5YRiBSWh7qwy0Y2lw5sA9Y0VSLwP4AFxqG2zfivW9tezmik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.255] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.256] CloseHandle (hObject=0x404) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.257] SetLastError (dwErrCode=0x0) [0237.257] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0237.257] GetLastError () returned 0x0 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.257] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}")) returned 0x10 [0237.257] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\masterdatastore.xml")) returned 0 [0237.258] GetLastError () returned 0x2 [0237.258] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\masterdatastore.xml")) returned 0xffffffff [0237.258] SetLastError (dwErrCode=0x2) [0237.258] GetLastError () returned 0x2 [0237.258] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.258] LocalFree (hMem=0x92fe20) returned 0x0 [0237.258] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.258] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.258] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\runtime.xml")) returned 0x20 [0237.259] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33216475678) returned 1 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0237.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0237.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HwMhW*-K`$t\\&Iwâ\x84\x96c5G$@8\\tH1HtY", lpUsedDefaultChar=0x0) returned 31 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] GetCurrentThreadId () returned 0x1130 [0237.259] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.259] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] malloc (_Size=0x64) returned 0x1d1338 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.260] GetCurrentThreadId () returned 0x1130 [0237.261] GetCurrentThreadId () returned 0x1130 [0237.261] GetCurrentThreadId () returned 0x1130 [0237.261] free (_Block=0x1d1338) [0237.261] malloc (_Size=0x60) returned 0x1d1338 [0237.261] free (_Block=0x1d1338) [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x257 [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x257 [0237.261] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.261] ReadFile (in: hFile=0x404, lpBuffer=0x2413fd8, nNumberOfBytesToRead=0x257, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesRead=0x19fbc8*=0x257, lpOverlapped=0x0) returned 1 [0237.263] malloc (_Size=0x8c) returned 0x1d1338 [0237.263] malloc (_Size=0xfc) returned 0x31d76d8 [0237.263] malloc (_Size=0x40) returned 0x1d14e8 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.263] malloc (_Size=0x40) returned 0x1d7470 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.263] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] malloc (_Size=0xc) returned 0x31e1d18 [0237.264] malloc (_Size=0x468) returned 0x31d2860 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.264] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] free (_Block=0x1d9aa8) [0237.265] free (_Block=0x1d14e8) [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] GetCurrentThreadId () returned 0x1130 [0237.265] free (_Block=0x31d2860) [0237.266] free (_Block=0x31e1d18) [0237.266] free (_Block=0x1d7470) [0237.266] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be5f8*, nNumberOfBytesToWrite=0x34d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be5f8*, lpNumberOfBytesWritten=0x19fbbc*=0x34d, lpOverlapped=0x0) returned 1 [0237.267] free (_Block=0x31d76d8) [0237.267] free (_Block=0x1d1338) [0237.267] CloseHandle (hObject=0x2b4) returned 1 [0237.267] CloseHandle (hObject=0x404) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.268] SetLastError (dwErrCode=0x0) [0237.268] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.268] GetLastError () returned 0x0 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.268] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.268] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov")) returned 0x10 [0237.268] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\runtime.xml")) returned 1 [0237.270] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0xed)) [0237.270] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.270] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.270] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.270] CloseHandle (hObject=0x404) returned 1 [0237.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0237.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0237.271] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HwMhW*-K`$t\\&Iw№c5G$@8\\tH1HtY]", cchWideChar=54, lpMultiByteStr=0x2516b18, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[HwMhW*-K`$t\\&Iw?c5G$@8\\tH1HtY]", lpUsedDefaultChar=0x0) returned 54 [0237.280] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.280] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4=") returned 172 [0237.280] GetCurrentThreadId () returned 0x1130 [0237.280] GetCurrentThreadId () returned 0x1130 [0237.280] GetCurrentThreadId () returned 0x1130 [0237.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.281] SetLastError (dwErrCode=0x0) [0237.281] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320") returned 0xa1 [0237.281] GetLastError () returned 0x0 [0237.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.281] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov")) returned 0x10 [0237.281] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].wannacash ncov v310320")) returned 0x20 [0237.281] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [121].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.282] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.282] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.282] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x34d [0237.282] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.282] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3") returned 197 [0237.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.282] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3") returned 197 [0237.282] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x34d [0237.282] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.283] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AhPS8Y+Fn+KBD64rCNVYxLjwJUb+TI4qYXAWyQmzSZRd7HW9gjycjeFEFXge65LyYFiW/3E9OXiOMDm0U1auM5B8Fm0J0Fu2VqHpiYGGhOLQFtzqwJ2aHYnHZ8Aatm5Q9O2egZLsuuXF16NipnEZvYBkd6Z6gwBfrZ4wpsBtHg4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.283] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.283] CloseHandle (hObject=0x404) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.283] SetLastError (dwErrCode=0x0) [0237.283] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.283] GetLastError () returned 0x0 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.283] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.284] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov")) returned 0x10 [0237.284] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\runtime.xml")) returned 0 [0237.284] GetLastError () returned 0x2 [0237.284] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\\prov\\runtime.xml")) returned 0xffffffff [0237.284] SetLastError (dwErrCode=0x2) [0237.284] GetLastError () returned 0x2 [0237.284] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.284] LocalFree (hMem=0x92fe20) returned 0x0 [0237.284] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.298] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.299] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\\customizations.xml")) returned 0x20 [0237.299] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33220514089) returned 1 [0237.299] GetCurrentThreadId () returned 0x1130 [0237.299] GetCurrentThreadId () returned 0x1130 [0237.299] GetCurrentThreadId () returned 0x1130 [0237.299] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)$!;nr7U8?ZHpsx|w/IojEwU,JXVv?4Bx)eE/!AErFw&xxaD4MF/!,qr7d", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0237.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0237.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d", cchWideChar=37, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="â\x84\x96gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d", lpUsedDefaultChar=0x0) returned 39 [0237.527] GetCurrentThreadId () returned 0x1130 [0237.527] GetCurrentThreadId () returned 0x1130 [0237.527] GetCurrentThreadId () returned 0x1130 [0237.527] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.527] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] GetCurrentThreadId () returned 0x1130 [0237.528] malloc (_Size=0x64) returned 0x1d1338 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] GetCurrentThreadId () returned 0x1130 [0237.529] free (_Block=0x1d1338) [0237.529] malloc (_Size=0x60) returned 0x1d1338 [0237.529] free (_Block=0x1d1338) [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x102 [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x102 [0237.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.529] ReadFile (in: hFile=0x404, lpBuffer=0x2437eb8, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2437eb8*, lpNumberOfBytesRead=0x19fbc8*=0x102, lpOverlapped=0x0) returned 1 [0237.533] malloc (_Size=0x8c) returned 0x1d1338 [0237.533] malloc (_Size=0xfc) returned 0x31d75d0 [0237.533] malloc (_Size=0x40) returned 0x1d14e8 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.533] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.534] malloc (_Size=0x40) returned 0x1d7470 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] malloc (_Size=0xc) returned 0x31e1df0 [0237.534] malloc (_Size=0x20c) returned 0x31d2860 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.534] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] free (_Block=0x1d9aa8) [0237.535] free (_Block=0x1d14e8) [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.535] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] GetCurrentThreadId () returned 0x1130 [0237.536] free (_Block=0x31d2860) [0237.536] free (_Block=0x31e1df0) [0237.536] free (_Block=0x1d7470) [0237.536] WriteFile (in: hFile=0x2b4, lpBuffer=0x2455ed8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2455ed8*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.537] free (_Block=0x31d75d0) [0237.537] free (_Block=0x1d1338) [0237.537] CloseHandle (hObject=0x2b4) returned 1 [0237.538] CloseHandle (hObject=0x404) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.538] SetLastError (dwErrCode=0x0) [0237.538] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.538] GetLastError () returned 0x0 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.538] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov")) returned 0x10 [0237.539] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\runtime.xml")) returned 1 [0237.540] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x1f7)) [0237.540] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.540] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.540] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.541] CloseHandle (hObject=0x404) returned 1 [0237.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[№gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0237.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[№gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0237.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[№gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d]", cchWideChar=62, lpMultiByteStr=0x2541be8, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[?gZENbz}E2SS>eE/!AErFw&xxaD4MF/!,qr7d]F", lpUsedDefaultChar=0x0) returned 62 [0237.550] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.550] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ=") returned 172 [0237.550] GetCurrentThreadId () returned 0x1130 [0237.550] GetCurrentThreadId () returned 0x1130 [0237.550] GetCurrentThreadId () returned 0x1130 [0237.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.551] SetLastError (dwErrCode=0x0) [0237.551] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320") returned 0xa1 [0237.551] GetLastError () returned 0x0 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.551] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov")) returned 0x10 [0237.551] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].wannacash ncov v310320")) returned 0x20 [0237.551] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [127].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.552] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.552] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.552] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3") returned 197 [0237.552] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.552] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3") returned 197 [0237.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.552] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fWRiIg9xnNfMnh9tejGiIkHc1nP8mZ+Y8y+vLc6o6zFcbVkkxy9SUCktNqFLqvE+lSPSDnFZOcZioYisEDdxRyZHH/mQFS3ECH7yz6WOjRLQRuPXJzz+VsmJJPoEYQ5Hh7/V4oOQZrDosXOUKepcT/55SAM3os1sX6/N37HAQGQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.553] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.553] CloseHandle (hObject=0x404) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.554] SetLastError (dwErrCode=0x0) [0237.554] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.554] GetLastError () returned 0x0 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.554] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov")) returned 0x10 [0237.554] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\runtime.xml")) returned 0 [0237.555] GetLastError () returned 0x2 [0237.555] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\\prov\\runtime.xml")) returned 0xffffffff [0237.555] SetLastError (dwErrCode=0x2) [0237.555] GetLastError () returned 0x2 [0237.555] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.555] LocalFree (hMem=0x92fe20) returned 0x0 [0237.555] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.555] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.555] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml")) returned 0x20 [0237.556] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33246179523) returned 1 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0237.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0237.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|â\x84\x96^", lpUsedDefaultChar=0x0) returned 49 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] GetCurrentThreadId () returned 0x1130 [0237.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.558] GetCurrentThreadId () returned 0x1130 [0237.558] GetCurrentThreadId () returned 0x1130 [0237.558] GetCurrentThreadId () returned 0x1130 [0237.558] GetCurrentThreadId () returned 0x1130 [0237.558] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] malloc (_Size=0x64) returned 0x1d1338 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] GetCurrentThreadId () returned 0x1130 [0237.559] free (_Block=0x1d1338) [0237.559] malloc (_Size=0x60) returned 0x1d1338 [0237.559] free (_Block=0x1d1338) [0237.559] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x380 [0237.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x380 [0237.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.560] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x380, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x380, lpOverlapped=0x0) returned 1 [0237.573] malloc (_Size=0x8c) returned 0x1d1338 [0237.573] malloc (_Size=0xfc) returned 0x31d76d8 [0237.573] malloc (_Size=0x40) returned 0x1d14e8 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.573] malloc (_Size=0x40) returned 0x1d7470 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.573] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] malloc (_Size=0xc) returned 0x31e1df0 [0237.574] malloc (_Size=0x670) returned 0x31d2860 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.574] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] free (_Block=0x1d9aa8) [0237.575] free (_Block=0x1d14e8) [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.575] GetCurrentThreadId () returned 0x1130 [0237.576] free (_Block=0x31d2860) [0237.576] free (_Block=0x31e1df0) [0237.576] free (_Block=0x1d7470) [0237.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c1bf8*, nNumberOfBytesToWrite=0x4ec, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c1bf8*, lpNumberOfBytesWritten=0x19fbbc*=0x4ec, lpOverlapped=0x0) returned 1 [0237.577] free (_Block=0x31d76d8) [0237.577] free (_Block=0x1d1338) [0237.577] CloseHandle (hObject=0x2b4) returned 1 [0237.577] CloseHandle (hObject=0x404) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.578] SetLastError (dwErrCode=0x0) [0237.578] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0237.578] GetLastError () returned 0x0 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.578] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.578] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml")) returned 1 [0237.609] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x235)) [0237.609] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.609] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.610] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.610] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.611] CloseHandle (hObject=0x404) returned 1 [0237.611] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0237.611] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0237.611] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|№^]", cchWideChar=79, lpMultiByteStr=0x251e0e8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[=6.b.Ypy2,O!|chDXTx!pz.!nU*!48mpk)Kc!oWzSM}2|?^]", lpUsedDefaultChar=0x0) returned 79 [0237.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo=") returned 172 [0237.617] GetCurrentThreadId () returned 0x1130 [0237.617] GetCurrentThreadId () returned 0x1130 [0237.617] GetCurrentThreadId () returned 0x1130 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.617] SetLastError (dwErrCode=0x0) [0237.617] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320") returned 0x9c [0237.617] GetLastError () returned 0x0 [0237.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.618] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.618] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].wannacash ncov v310320")) returned 0x20 [0237.618] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [128].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x4ec [0237.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.618] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3") returned 197 [0237.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3") returned 197 [0237.619] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x4ec [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GJ0D/DG623v9GpDcXG3tysZeqzk07ACWTD9JbsTfKKoT+QaXCDLDJPod05EIXj4qYzjFejwteCMqq0+CVEhL0FCpFtpbstAGQKmObIC0letD+3cvgoqyu2NlMTP5PxXLEzQeD11PFlIWSuCi7wEMFnKjCylolalR1BNbJ4CblYo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.619] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.619] CloseHandle (hObject=0x404) returned 1 [0237.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.620] SetLastError (dwErrCode=0x0) [0237.620] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0237.620] GetLastError () returned 0x0 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=8) returned 1 [0237.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml", cchCount2=4) returned 1 [0237.620] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.620] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml")) returned 0 [0237.620] GetLastError () returned 0x2 [0237.620] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\customizations.xml")) returned 0xffffffff [0237.620] SetLastError (dwErrCode=0x2) [0237.620] GetLastError () returned 0x2 [0237.620] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.620] LocalFree (hMem=0x92fe20) returned 0x0 [0237.620] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.621] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.621] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\masterdatastore.xml")) returned 0x20 [0237.621] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33252739045) returned 1 [0237.621] GetCurrentThreadId () returned 0x1130 [0237.621] GetCurrentThreadId () returned 0x1130 [0237.621] GetCurrentThreadId () returned 0x1130 [0237.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0237.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0237.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6", lpUsedDefaultChar=0x0) returned 29 [0237.621] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.622] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] GetCurrentThreadId () returned 0x1130 [0237.622] malloc (_Size=0x64) returned 0x1d1338 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] GetCurrentThreadId () returned 0x1130 [0237.623] free (_Block=0x1d1338) [0237.623] malloc (_Size=0x60) returned 0x1d1338 [0237.623] free (_Block=0x1d1338) [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.623] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0237.624] malloc (_Size=0x8c) returned 0x1d1338 [0237.624] malloc (_Size=0xfc) returned 0x31d75d0 [0237.625] malloc (_Size=0x40) returned 0x1d14e8 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.625] malloc (_Size=0x40) returned 0x1d7470 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] malloc (_Size=0xc) returned 0x31e1e20 [0237.625] malloc (_Size=0x20c) returned 0x31d2860 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.625] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] free (_Block=0x1d9aa8) [0237.626] free (_Block=0x1d14e8) [0237.626] GetCurrentThreadId () returned 0x1130 [0237.626] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] GetCurrentThreadId () returned 0x1130 [0237.627] free (_Block=0x31d2860) [0237.627] free (_Block=0x31e1e20) [0237.627] free (_Block=0x1d7470) [0237.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x2455ed8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2455ed8*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.628] free (_Block=0x31d75d0) [0237.628] free (_Block=0x1d1338) [0237.628] CloseHandle (hObject=0x2b4) returned 1 [0237.629] CloseHandle (hObject=0x404) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.629] SetLastError (dwErrCode=0x0) [0237.629] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0237.629] GetLastError () returned 0x0 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.629] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.629] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\masterdatastore.xml")) returned 1 [0237.630] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x255)) [0237.630] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.630] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.631] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.631] CloseHandle (hObject=0x404) returned 1 [0237.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0237.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0237.631] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6]", cchWideChar=62, lpMultiByteStr=0x2541d78, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[NNo.8G96xmwQr4\"ed=aFlk\"{?PPd6]", lpUsedDefaultChar=0x0) returned 62 [0237.637] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.637] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM=") returned 172 [0237.637] GetCurrentThreadId () returned 0x1130 [0237.637] GetCurrentThreadId () returned 0x1130 [0237.637] GetCurrentThreadId () returned 0x1130 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.637] SetLastError (dwErrCode=0x0) [0237.637] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320") returned 0x9c [0237.637] GetLastError () returned 0x0 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.638] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.638] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].wannacash ncov v310320")) returned 0x20 [0237.638] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [129].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.638] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.638] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.638] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.638] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.638] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.638] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.639] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.639] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3") returned 197 [0237.639] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.639] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3") returned 197 [0237.639] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iqTIVFfGzzd1aSPgto09LIc/aOvERC2rqc+k66TGalFvwTYoWGvnvSMlxR+kwhFVhdeDp6XbiBD34AQw1sLtHWWgigWehJBY+LvVKKvVhqv3mOrWUjjPeto6lKwJXFFv17sJ7ZfS9S7wwtGidAK0Le2ZJs71jMgKDrKQpEumsWM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.639] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.640] CloseHandle (hObject=0x404) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.640] SetLastError (dwErrCode=0x0) [0237.640] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0237.640] GetLastError () returned 0x0 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.641] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}")) returned 0x10 [0237.641] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\masterdatastore.xml")) returned 0 [0237.641] GetLastError () returned 0x2 [0237.641] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\masterdatastore.xml")) returned 0xffffffff [0237.641] SetLastError (dwErrCode=0x2) [0237.641] GetLastError () returned 0x2 [0237.641] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.641] LocalFree (hMem=0x92fe20) returned 0x0 [0237.641] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.641] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.643] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\runtime.xml")) returned 0x20 [0237.644] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33254968587) returned 1 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0237.644] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0237.644] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1câ\x84\x96pjwzZ;", lpUsedDefaultChar=0x0) returned 50 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.644] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.644] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] malloc (_Size=0x64) returned 0x1d1338 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] GetCurrentThreadId () returned 0x1130 [0237.645] free (_Block=0x1d1338) [0237.645] malloc (_Size=0x60) returned 0x1d1338 [0237.645] free (_Block=0x1d1338) [0237.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x102 [0237.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.646] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.646] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x102 [0237.646] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.646] ReadFile (in: hFile=0x404, lpBuffer=0x2437c98, nNumberOfBytesToRead=0x102, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2437c98*, lpNumberOfBytesRead=0x19fbc8*=0x102, lpOverlapped=0x0) returned 1 [0237.647] malloc (_Size=0x8c) returned 0x1d1338 [0237.647] malloc (_Size=0xfc) returned 0x31d71b0 [0237.647] malloc (_Size=0x40) returned 0x1d14e8 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.647] malloc (_Size=0x40) returned 0x1d7470 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.647] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] malloc (_Size=0xc) returned 0x31e1eb0 [0237.648] malloc (_Size=0x20c) returned 0x31d2860 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] free (_Block=0x1d9aa8) [0237.648] free (_Block=0x1d14e8) [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.648] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] GetCurrentThreadId () returned 0x1130 [0237.649] free (_Block=0x31d2860) [0237.649] free (_Block=0x31e1eb0) [0237.649] free (_Block=0x1d7470) [0237.649] WriteFile (in: hFile=0x2b4, lpBuffer=0x2456078*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2456078*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.650] free (_Block=0x31d71b0) [0237.650] free (_Block=0x1d1338) [0237.650] CloseHandle (hObject=0x2b4) returned 1 [0237.650] CloseHandle (hObject=0x404) returned 1 [0237.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.651] SetLastError (dwErrCode=0x0) [0237.651] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.651] GetLastError () returned 0x0 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.651] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.651] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov")) returned 0x10 [0237.651] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\runtime.xml")) returned 1 [0237.652] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x264)) [0237.652] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.652] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.652] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.652] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.652] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.652] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.652] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.652] CloseHandle (hObject=0x404) returned 1 [0237.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0237.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0237.653] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c№pjwzZ;]", cchWideChar=73, lpMultiByteStr=0x252c6b0, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[HW`Q4QpSIq56(x:mv&W#>v7-aoi,n9Gr^iaxaw@1c?pjwzZ;]", lpUsedDefaultChar=0x0) returned 73 [0237.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.659] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI=") returned 172 [0237.659] GetCurrentThreadId () returned 0x1130 [0237.659] GetCurrentThreadId () returned 0x1130 [0237.659] GetCurrentThreadId () returned 0x1130 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.659] SetLastError (dwErrCode=0x0) [0237.659] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320") returned 0xa1 [0237.659] GetLastError () returned 0x0 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.659] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.660] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov")) returned 0x10 [0237.660] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].wannacash ncov v310320")) returned 0x20 [0237.660] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [130].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.660] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.660] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.660] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.661] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3") returned 197 [0237.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.661] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3") returned 197 [0237.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.661] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.661] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.661] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rrQM+6dsQ9o5TbnlpfXuSga5V39bpkzwPDBO393UBz5a4Jyg3MayMq0nu6bL9xRKgTjj9NOBf/eHusQ2eKe0Nb59hUAbk45WmrHkwDh4jWIt340WkLfhr+A0K9MMx6vOY3mAalnZ4Weg9r6MR4KDygWfWBLmjLV923cD1x5KdQI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.661] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.662] CloseHandle (hObject=0x404) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.662] SetLastError (dwErrCode=0x0) [0237.662] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.662] GetLastError () returned 0x0 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.662] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.662] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov")) returned 0x10 [0237.663] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\runtime.xml")) returned 0 [0237.663] GetLastError () returned 0x2 [0237.663] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\\prov\\runtime.xml")) returned 0xffffffff [0237.663] SetLastError (dwErrCode=0x2) [0237.663] GetLastError () returned 0x2 [0237.663] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.663] LocalFree (hMem=0x92fe20) returned 0x0 [0237.663] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.663] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.663] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml")) returned 0x20 [0237.664] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33256975694) returned 1 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0237.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0237.664] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#", lpUsedDefaultChar=0x0) returned 43 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] GetCurrentThreadId () returned 0x1130 [0237.664] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.664] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.670] GetCurrentThreadId () returned 0x1130 [0237.671] malloc (_Size=0x64) returned 0x1d1338 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] GetCurrentThreadId () returned 0x1130 [0237.671] free (_Block=0x1d1338) [0237.671] malloc (_Size=0x60) returned 0x1d1338 [0237.671] free (_Block=0x1d1338) [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8c7 [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8c7 [0237.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.671] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x8c7, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x8c7, lpOverlapped=0x0) returned 1 [0237.727] malloc (_Size=0x8c) returned 0x1d1338 [0237.727] malloc (_Size=0xfc) returned 0x31d73c0 [0237.727] malloc (_Size=0x40) returned 0x1d14e8 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] GetCurrentThreadId () returned 0x1130 [0237.727] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.728] malloc (_Size=0x40) returned 0x1d7470 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] GetCurrentThreadId () returned 0x1130 [0237.728] malloc (_Size=0xc) returned 0x31e1ca0 [0237.728] malloc (_Size=0x720) returned 0x31d2860 [0237.728] malloc (_Size=0xe3c) returned 0x1da510 [0237.728] free (_Block=0x31d2860) [0237.728] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] free (_Block=0x1d9aa8) [0237.729] free (_Block=0x1d14e8) [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.729] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] GetCurrentThreadId () returned 0x1130 [0237.730] free (_Block=0x1da510) [0237.730] free (_Block=0x31e1ca0) [0237.730] free (_Block=0x1d7470) [0237.730] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362d8*, nNumberOfBytesToWrite=0xc08, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesWritten=0x19fbbc*=0xc08, lpOverlapped=0x0) returned 1 [0237.731] free (_Block=0x31d73c0) [0237.731] free (_Block=0x1d1338) [0237.731] CloseHandle (hObject=0x2b4) returned 1 [0237.731] CloseHandle (hObject=0x404) returned 1 [0237.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.732] SetLastError (dwErrCode=0x0) [0237.732] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0237.732] GetLastError () returned 0x0 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.732] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.732] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.732] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml")) returned 1 [0237.735] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x2c2)) [0237.736] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.736] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.736] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.736] CloseHandle (hObject=0x404) returned 1 [0237.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0237.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0237.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#]", cchWideChar=75, lpMultiByteStr=0x252c6b0, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[/}~5j8hdK><2>/fbT2*~F+@IdF)e@N#r=%Nd\"_#_Zd#]", lpUsedDefaultChar=0x0) returned 75 [0237.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.743] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo=") returned 172 [0237.743] GetCurrentThreadId () returned 0x1130 [0237.743] GetCurrentThreadId () returned 0x1130 [0237.743] GetCurrentThreadId () returned 0x1130 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.743] SetLastError (dwErrCode=0x0) [0237.743] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320") returned 0x9c [0237.743] GetLastError () returned 0x0 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.743] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.743] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].wannacash ncov v310320")) returned 0x20 [0237.744] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [131].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc08 [0237.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.744] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3") returned 197 [0237.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3") returned 197 [0237.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc08 [0237.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.745] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HvsgGT/yzEJwCBVcv9puf3aIK8lwBOk/6QxMyLtQy2yR5UnPYt1pQ4i1zmB+C3JlZH+1f0B/KzF3ozvBxYgwQzLEv1cKZxOnHtFKu5+uFRb3HGnJxgQDanjUB5pfJIWbtcQPHV1W9AJ1VJtzgDHC+bNdfKfC0FM+28wfQJn7Xoo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.745] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.745] CloseHandle (hObject=0x404) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.745] SetLastError (dwErrCode=0x0) [0237.745] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0237.745] GetLastError () returned 0x0 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=8) returned 1 [0237.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml", cchCount2=4) returned 1 [0237.745] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.745] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml")) returned 0 [0237.746] GetLastError () returned 0x2 [0237.746] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\customizations.xml")) returned 0xffffffff [0237.746] SetLastError (dwErrCode=0x2) [0237.746] GetLastError () returned 0x2 [0237.746] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.746] LocalFree (hMem=0x92fe20) returned 0x0 [0237.746] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.746] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.747] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\masterdatastore.xml")) returned 0x20 [0237.747] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33265310246) returned 1 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0237.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0237.747] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y", cchWideChar=35, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2+z^,_s}â\x84\x96/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y", lpUsedDefaultChar=0x0) returned 37 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] GetCurrentThreadId () returned 0x1130 [0237.747] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.748] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] malloc (_Size=0x64) returned 0x1d1338 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.748] GetCurrentThreadId () returned 0x1130 [0237.749] GetCurrentThreadId () returned 0x1130 [0237.749] free (_Block=0x1d1338) [0237.749] malloc (_Size=0x60) returned 0x1d1338 [0237.749] free (_Block=0x1d1338) [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.749] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.749] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0237.750] malloc (_Size=0x8c) returned 0x1d1338 [0237.750] malloc (_Size=0xfc) returned 0x31d77e0 [0237.750] malloc (_Size=0x40) returned 0x1d14e8 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.750] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.751] malloc (_Size=0x40) returned 0x1d7470 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] malloc (_Size=0xc) returned 0x31e1ca0 [0237.751] malloc (_Size=0x20c) returned 0x31d2860 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.751] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] free (_Block=0x1d9aa8) [0237.752] free (_Block=0x1d14e8) [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] GetCurrentThreadId () returned 0x1130 [0237.752] free (_Block=0x31d2860) [0237.752] free (_Block=0x31e1ca0) [0237.752] free (_Block=0x1d7470) [0237.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x2456078*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2456078*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.754] free (_Block=0x31d77e0) [0237.754] free (_Block=0x1d1338) [0237.754] CloseHandle (hObject=0x2b4) returned 1 [0237.755] CloseHandle (hObject=0x404) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.755] SetLastError (dwErrCode=0x0) [0237.755] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0237.755] GetLastError () returned 0x0 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.755] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.755] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\masterdatastore.xml")) returned 1 [0237.757] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x2d3)) [0237.757] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.757] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.757] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.757] CloseHandle (hObject=0x404) returned 1 [0237.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0237.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0237.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[2+z^,_s}№/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y]", cchWideChar=68, lpMultiByteStr=0x2541be8, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[2+z^,_s}?/\\Z#)Om$xDW*J9;$t`ZJ}XW,+y]\x81\x1cT\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 68 [0237.763] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.763] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM=") returned 172 [0237.763] GetCurrentThreadId () returned 0x1130 [0237.763] GetCurrentThreadId () returned 0x1130 [0237.763] GetCurrentThreadId () returned 0x1130 [0237.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.764] SetLastError (dwErrCode=0x0) [0237.764] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320") returned 0x9c [0237.764] GetLastError () returned 0x0 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.764] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.764] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.764] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].wannacash ncov v310320")) returned 0x20 [0237.764] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [132].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.764] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.765] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.765] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.765] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3") returned 197 [0237.765] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.765] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3") returned 197 [0237.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.765] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9ZBviu5E+U3z9PCTSGGJRc4NAd5aDpCQ1wjFzgGxqLtxEwrqZiwmeJU/Zhc3dD2RwMOWhR4UwYGXubA68fXGQO4dtRBgrJTnlgwFG5mU7f1Vph1bndvVW1CmpZBl6oIHFHaMySu58AW9m5T0TuiWaTZzCkcyoAPGaH5ZLAXeMFM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.765] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.770] CloseHandle (hObject=0x404) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.770] SetLastError (dwErrCode=0x0) [0237.770] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0237.770] GetLastError () returned 0x0 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.770] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.771] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}")) returned 0x10 [0237.771] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\masterdatastore.xml")) returned 0 [0237.771] GetLastError () returned 0x2 [0237.771] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\masterdatastore.xml")) returned 0xffffffff [0237.771] SetLastError (dwErrCode=0x2) [0237.771] GetLastError () returned 0x2 [0237.771] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.771] LocalFree (hMem=0x92fe20) returned 0x0 [0237.771] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.771] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.771] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\runtime.xml")) returned 0x20 [0237.772] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33267780376) returned 1 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0237.772] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0237.772] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.", cchWideChar=42, lpMultiByteStr=0x2525040, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.", lpUsedDefaultChar=0x0) returned 42 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] GetCurrentThreadId () returned 0x1130 [0237.772] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.772] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] malloc (_Size=0x64) returned 0x1d1338 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] GetCurrentThreadId () returned 0x1130 [0237.773] free (_Block=0x1d1338) [0237.773] malloc (_Size=0x60) returned 0x1d1338 [0237.773] free (_Block=0x1d1338) [0237.773] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.773] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0237.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0237.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.774] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1cc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1cc, lpOverlapped=0x0) returned 1 [0237.775] malloc (_Size=0x8c) returned 0x1d1338 [0237.775] malloc (_Size=0xfc) returned 0x31d73c0 [0237.775] malloc (_Size=0x40) returned 0x1d14e8 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.775] malloc (_Size=0x40) returned 0x1d7470 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.775] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] malloc (_Size=0xc) returned 0x31e1ca0 [0237.776] malloc (_Size=0x364) returned 0x31d2860 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] free (_Block=0x1d9aa8) [0237.776] free (_Block=0x1d14e8) [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.776] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] GetCurrentThreadId () returned 0x1130 [0237.777] free (_Block=0x31d2860) [0237.777] free (_Block=0x31e1ca0) [0237.777] free (_Block=0x1d7470) [0237.777] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0237.778] free (_Block=0x31d73c0) [0237.778] free (_Block=0x1d1338) [0237.778] CloseHandle (hObject=0x2b4) returned 1 [0237.778] CloseHandle (hObject=0x404) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.779] SetLastError (dwErrCode=0x0) [0237.779] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.779] GetLastError () returned 0x0 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.779] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.779] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov")) returned 0x10 [0237.779] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\runtime.xml")) returned 1 [0237.780] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x2e1)) [0237.780] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.780] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.780] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.781] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.781] CloseHandle (hObject=0x404) returned 1 [0237.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0237.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0237.781] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.]", cchWideChar=67, lpMultiByteStr=0x2541be8, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[9+d5&TNA94*5X?_)a$cBMDf`(za!(L>h8(waFI:8R.]", lpUsedDefaultChar=0x0) returned 67 [0237.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.790] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ=") returned 172 [0237.790] GetCurrentThreadId () returned 0x1130 [0237.790] GetCurrentThreadId () returned 0x1130 [0237.790] GetCurrentThreadId () returned 0x1130 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.790] SetLastError (dwErrCode=0x0) [0237.790] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320") returned 0xa1 [0237.790] GetLastError () returned 0x0 [0237.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.791] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov")) returned 0x10 [0237.791] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].wannacash ncov v310320")) returned 0x20 [0237.791] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [133].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.791] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.791] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.791] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0237.791] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.791] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.791] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.792] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.792] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3") returned 197 [0237.792] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.792] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3") returned 197 [0237.792] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0237.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.792] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpOZmxdd6Ija4mPuyYc/TLbWiYcapqNZ3D+/FGsiLoENpJdrtdAcnnVNyD4EHCWDVSlAje27x6THyfa5vs2CdlUZAsr9pf7sRgVF5lS7IzYzCnjjERIOWR1eyAukxYpvCiPZ5jN57uOQ0ivAn2K/81EcwJ5m+MfrWMbmNryqMEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.792] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.792] CloseHandle (hObject=0x404) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.792] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.792] SetLastError (dwErrCode=0x0) [0237.793] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.793] GetLastError () returned 0x0 [0237.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.793] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov")) returned 0x10 [0237.793] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\runtime.xml")) returned 0 [0237.793] GetLastError () returned 0x2 [0237.793] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{99b095d8-5959-4820-bea7-7448c8427b4e}\\prov\\runtime.xml")) returned 0xffffffff [0237.793] SetLastError (dwErrCode=0x2) [0237.793] GetLastError () returned 0x2 [0237.793] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.793] LocalFree (hMem=0x92fe20) returned 0x0 [0237.793] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.793] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.794] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml")) returned 0x20 [0237.794] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33270003637) returned 1 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0237.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0237.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd", cchWideChar=43, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$:t/;/tCv>â\x84\x96kUblâ\x84\x96J:bV?uyO9=|2â\x84\x968*wd}Sb7I&C4xd", lpUsedDefaultChar=0x0) returned 49 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] GetCurrentThreadId () returned 0x1130 [0237.794] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.794] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.796] malloc (_Size=0x64) returned 0x1d1338 [0237.796] GetCurrentThreadId () returned 0x1130 [0237.797] GetCurrentThreadId () returned 0x1130 [0237.797] GetCurrentThreadId () returned 0x1130 [0237.797] GetCurrentThreadId () returned 0x1130 [0237.797] GetCurrentThreadId () returned 0x1130 [0237.797] GetCurrentThreadId () returned 0x1130 [0237.797] free (_Block=0x1d1338) [0237.797] malloc (_Size=0x60) returned 0x1d1338 [0237.797] free (_Block=0x1d1338) [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc1 [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc1 [0237.797] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.797] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1cc1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1cc1, lpOverlapped=0x0) returned 1 [0237.915] malloc (_Size=0x8c) returned 0x1d1338 [0237.915] malloc (_Size=0xfc) returned 0x31d78e8 [0237.915] malloc (_Size=0x40) returned 0x1d14e8 [0237.915] GetCurrentThreadId () returned 0x1130 [0237.915] GetCurrentThreadId () returned 0x1130 [0237.915] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.916] malloc (_Size=0x40) returned 0x1d7470 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] GetCurrentThreadId () returned 0x1130 [0237.916] malloc (_Size=0xc) returned 0x31e1dc0 [0237.916] malloc (_Size=0x720) returned 0x31d2860 [0237.916] malloc (_Size=0xe3c) returned 0x1da510 [0237.917] free (_Block=0x31d2860) [0237.917] malloc (_Size=0x15ac) returned 0x1db358 [0237.917] free (_Block=0x1da510) [0237.917] malloc (_Size=0x23e4) returned 0x1dc910 [0237.917] free (_Block=0x1db358) [0237.917] malloc (_Size=0x3274) returned 0x31e40b0 [0237.918] free (_Block=0x1dc910) [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.918] GetCurrentThreadId () returned 0x1130 [0237.919] GetCurrentThreadId () returned 0x1130 [0237.919] GetCurrentThreadId () returned 0x1130 [0237.919] GetCurrentThreadId () returned 0x1130 [0237.919] GetCurrentThreadId () returned 0x1130 [0237.919] free (_Block=0x1d9aa8) [0237.919] free (_Block=0x1d14e8) [0237.919] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] GetCurrentThreadId () returned 0x1130 [0237.920] free (_Block=0x31e40b0) [0237.921] free (_Block=0x31e1dc0) [0237.921] free (_Block=0x1d7470) [0237.921] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba208*, nNumberOfBytesToWrite=0x271a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba208*, lpNumberOfBytesWritten=0x19fbbc*=0x271a, lpOverlapped=0x0) returned 1 [0237.922] free (_Block=0x31d78e8) [0237.922] free (_Block=0x1d1338) [0237.922] CloseHandle (hObject=0x2b4) returned 1 [0237.923] CloseHandle (hObject=0x404) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.923] SetLastError (dwErrCode=0x0) [0237.924] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0237.924] GetLastError () returned 0x0 [0237.924] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.924] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.924] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.924] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.924] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.924] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml")) returned 1 [0237.925] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x37d)) [0237.925] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.925] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.925] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.926] CloseHandle (hObject=0x404) returned 1 [0237.926] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0237.926] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0237.926] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$:t/;/tCv>№kUbl№J:bV?uyO9=|2№8*wd}Sb7I&C4xd]", cchWideChar=75, lpMultiByteStr=0x252c6b0, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[$:t/;/tCv>?kUbl?J:bV?uyO9=|2?8*wd}Sb7I&C4xd]", lpUsedDefaultChar=0x0) returned 75 [0237.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.932] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA=") returned 172 [0237.932] GetCurrentThreadId () returned 0x1130 [0237.932] GetCurrentThreadId () returned 0x1130 [0237.932] GetCurrentThreadId () returned 0x1130 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.932] SetLastError (dwErrCode=0x0) [0237.932] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320") returned 0x9c [0237.932] GetLastError () returned 0x0 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.932] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.932] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].wannacash ncov v310320")) returned 0x20 [0237.932] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [134].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.933] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.933] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.933] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x271a [0237.933] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.933] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.933] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.933] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3") returned 197 [0237.933] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.933] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3") returned 197 [0237.933] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x271a [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.933] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PBST26rkFlwQEF3ixXUoDVvzENak7cEJd5njdxKNfXMCV1sLjaFy/etlcFgsb8IZL7LVVuqiRilNCAP0caoR3e9T2BcQ8paGj7lzA7GZFrHg6dql3Gb4WAtURzlAnGJRXNrhZLpQUW/1tF4xyvC3FIJLGtyh54PU23j7MRD95QA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.933] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.934] CloseHandle (hObject=0x404) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.934] SetLastError (dwErrCode=0x0) [0237.934] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0237.934] GetLastError () returned 0x0 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=8) returned 1 [0237.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml", cchCount2=4) returned 1 [0237.934] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.934] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml")) returned 0 [0237.934] GetLastError () returned 0x2 [0237.934] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\customizations.xml")) returned 0xffffffff [0237.935] SetLastError (dwErrCode=0x2) [0237.935] GetLastError () returned 0x2 [0237.935] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.935] LocalFree (hMem=0x92fe20) returned 0x0 [0237.935] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.935] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.935] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\masterdatastore.xml")) returned 0x20 [0237.935] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33284157322) returned 1 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0237.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0237.936] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-", lpUsedDefaultChar=0x0) returned 30 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] GetCurrentThreadId () returned 0x1130 [0237.936] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.937] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] malloc (_Size=0x64) returned 0x1d1338 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.937] GetCurrentThreadId () returned 0x1130 [0237.938] GetCurrentThreadId () returned 0x1130 [0237.938] GetCurrentThreadId () returned 0x1130 [0237.938] GetCurrentThreadId () returned 0x1130 [0237.938] free (_Block=0x1d1338) [0237.938] malloc (_Size=0x60) returned 0x1d1338 [0237.938] free (_Block=0x1d1338) [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0237.938] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.938] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0237.940] malloc (_Size=0x8c) returned 0x1d1338 [0237.940] malloc (_Size=0xfc) returned 0x31d7d08 [0237.940] malloc (_Size=0x40) returned 0x1d14e8 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] GetCurrentThreadId () returned 0x1130 [0237.940] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.941] malloc (_Size=0x40) returned 0x1d7470 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] malloc (_Size=0xc) returned 0x31e1dc0 [0237.941] malloc (_Size=0x20c) returned 0x31d2860 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.941] GetCurrentThreadId () returned 0x1130 [0237.942] free (_Block=0x1d9aa8) [0237.942] free (_Block=0x1d14e8) [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] GetCurrentThreadId () returned 0x1130 [0237.942] free (_Block=0x31d2860) [0237.942] free (_Block=0x31e1dc0) [0237.942] free (_Block=0x1d7470) [0237.942] WriteFile (in: hFile=0x2b4, lpBuffer=0x2455ed8*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2455ed8*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0237.943] free (_Block=0x31d7d08) [0237.943] free (_Block=0x1d1338) [0237.943] CloseHandle (hObject=0x2b4) returned 1 [0237.944] CloseHandle (hObject=0x404) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.944] SetLastError (dwErrCode=0x0) [0237.944] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0237.944] GetLastError () returned 0x0 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.944] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.944] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\masterdatastore.xml")) returned 1 [0237.945] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x38d)) [0237.945] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.945] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.946] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.946] CloseHandle (hObject=0x404) returned 1 [0237.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0237.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0237.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-]", cchWideChar=63, lpMultiByteStr=0x2541d78, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[$2w;1&&F7DmTrN~$qH}ZLXyF^;:+e-]", lpUsedDefaultChar=0x0) returned 63 [0237.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.952] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo=") returned 172 [0237.952] GetCurrentThreadId () returned 0x1130 [0237.952] GetCurrentThreadId () returned 0x1130 [0237.952] GetCurrentThreadId () returned 0x1130 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.952] SetLastError (dwErrCode=0x0) [0237.952] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320") returned 0x9c [0237.952] GetLastError () returned 0x0 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.952] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.953] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.953] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].wannacash ncov v310320")) returned 0x20 [0237.953] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [135].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.953] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.953] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.953] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0237.953] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.953] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3") returned 197 [0237.954] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.954] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3") returned 197 [0237.954] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0237.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.954] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O9mOH0MzIGNYTnBzWtET3G7b9Fw4KkKwntWfiKYRPkTPhq3Sm7eJ/P+Yoaw+nz0JfF2CXtF62o+u0apVGfEqkgnUCFK5dsutRFmDZFpwIoheFgJrvW0iMTw5A/NzjRuPOCAqOKzIhdGa9h7W96imEEPizAJgDCkQZ+31hrzMXWo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.954] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.958] CloseHandle (hObject=0x404) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.958] SetLastError (dwErrCode=0x0) [0237.958] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0237.958] GetLastError () returned 0x0 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=8) returned 1 [0237.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml", cchCount2=4) returned 1 [0237.958] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}")) returned 0x10 [0237.958] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\masterdatastore.xml")) returned 0 [0237.958] GetLastError () returned 0x2 [0237.959] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\masterdatastore.xml")) returned 0xffffffff [0237.959] SetLastError (dwErrCode=0x2) [0237.959] GetLastError () returned 0x2 [0237.959] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.959] LocalFree (hMem=0x92fe20) returned 0x0 [0237.959] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.959] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.959] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\runtime.xml")) returned 0x20 [0237.959] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33286550034) returned 1 [0237.959] GetCurrentThreadId () returned 0x1130 [0237.959] GetCurrentThreadId () returned 0x1130 [0237.959] GetCurrentThreadId () returned 0x1130 [0237.959] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0237.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0237.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ", lpUsedDefaultChar=0x0) returned 46 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.960] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] malloc (_Size=0x64) returned 0x1d1338 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] GetCurrentThreadId () returned 0x1130 [0237.961] free (_Block=0x1d1338) [0237.961] malloc (_Size=0x60) returned 0x1d1338 [0237.961] free (_Block=0x1d1338) [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0237.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.961] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1cc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1cc, lpOverlapped=0x0) returned 1 [0237.962] malloc (_Size=0x8c) returned 0x1d1338 [0237.963] malloc (_Size=0xfc) returned 0x31d74c8 [0237.963] malloc (_Size=0x40) returned 0x1d14e8 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] malloc (_Size=0xa5c) returned 0x1d9aa8 [0237.963] malloc (_Size=0x40) returned 0x1d7470 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.963] malloc (_Size=0xc) returned 0x31e1ee0 [0237.963] malloc (_Size=0x364) returned 0x31d2860 [0237.963] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] free (_Block=0x1d9aa8) [0237.964] free (_Block=0x1d14e8) [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.964] GetCurrentThreadId () returned 0x1130 [0237.965] GetCurrentThreadId () returned 0x1130 [0237.965] GetCurrentThreadId () returned 0x1130 [0237.965] GetCurrentThreadId () returned 0x1130 [0237.965] free (_Block=0x31d2860) [0237.965] free (_Block=0x31e1ee0) [0237.965] free (_Block=0x1d7470) [0237.965] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0237.966] free (_Block=0x31d74c8) [0237.966] free (_Block=0x1d1338) [0237.966] CloseHandle (hObject=0x2b4) returned 1 [0237.966] CloseHandle (hObject=0x404) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.966] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.966] SetLastError (dwErrCode=0x0) [0237.966] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0237.967] GetLastError () returned 0x0 [0237.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.967] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.967] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov")) returned 0x10 [0237.967] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\runtime.xml")) returned 1 [0237.968] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xd, wMilliseconds=0x39d)) [0237.968] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0237.968] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.968] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0237.968] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.968] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0237.968] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0237.968] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0237.969] CloseHandle (hObject=0x404) returned 1 [0237.969] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0237.969] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0237.969] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ]", cchWideChar=71, lpMultiByteStr=0x252c6b0, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[@ad;KXU`Ic>jkgBL9g>$XWw~uQSAU(GT}:dU%A+aWq*aeZ]", lpUsedDefaultChar=0x0) returned 71 [0237.975] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0237.975] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo=") returned 172 [0237.975] GetCurrentThreadId () returned 0x1130 [0237.975] GetCurrentThreadId () returned 0x1130 [0237.975] GetCurrentThreadId () returned 0x1130 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.975] SetLastError (dwErrCode=0x0) [0237.975] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320") returned 0xa1 [0237.975] GetLastError () returned 0x0 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0237.975] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0237.975] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov")) returned 0x10 [0237.976] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].wannacash ncov v310320")) returned 0x20 [0237.976] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [136].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.976] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0237.976] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.976] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0237.976] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0237.976] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0237.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.976] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.976] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.976] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.976] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3") returned 197 [0237.976] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0237.977] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3") returned 197 [0237.977] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0237.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0237.977] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:HpPmNuKNxFV4Gu24OPJeB2fhiJWs58OmkfeTn1wxpFNzXqnTgM9NWjSygAP35vN7xeXK9igEvz5hUy9ZRmSN0bQmB37w9+m146BRU7lx0o+tpAguMG6QY+qgpAy5jsYRaXuaxVUVhzur2Fjo66NkozRsTYUslI9c+OeeBPamXRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0237.977] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0237.977] CloseHandle (hObject=0x404) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.977] SetLastError (dwErrCode=0x0) [0237.977] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0237.978] GetLastError () returned 0x0 [0237.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0237.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0237.978] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov")) returned 0x10 [0237.978] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\runtime.xml")) returned 0 [0237.978] GetLastError () returned 0x2 [0237.978] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\\prov\\runtime.xml")) returned 0xffffffff [0237.978] SetLastError (dwErrCode=0x2) [0237.978] GetLastError () returned 0x2 [0237.978] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0237.978] LocalFree (hMem=0x92fe20) returned 0x0 [0237.978] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0237.978] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0237.979] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml")) returned 0x20 [0237.980] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33288578646) returned 1 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0237.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0237.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ", lpUsedDefaultChar=0x0) returned 43 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] GetCurrentThreadId () returned 0x1130 [0237.980] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0237.980] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] malloc (_Size=0x64) returned 0x1d1338 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] GetCurrentThreadId () returned 0x1130 [0237.981] free (_Block=0x1d1338) [0237.981] malloc (_Size=0x60) returned 0x1d1338 [0237.981] free (_Block=0x1d1338) [0237.981] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x85a [0237.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x85a [0237.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0237.982] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x85a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x85a, lpOverlapped=0x0) returned 1 [0238.175] malloc (_Size=0x8c) returned 0x1d1338 [0238.175] malloc (_Size=0xfc) returned 0x31d78e8 [0238.175] malloc (_Size=0x40) returned 0x1d14e8 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.175] GetCurrentThreadId () returned 0x1130 [0238.176] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.176] malloc (_Size=0x40) returned 0x1d7470 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] malloc (_Size=0xc) returned 0x31e1e80 [0238.176] malloc (_Size=0x720) returned 0x31d2860 [0238.176] malloc (_Size=0xe3c) returned 0x1da510 [0238.176] free (_Block=0x31d2860) [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.176] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] free (_Block=0x1d9aa8) [0238.177] free (_Block=0x1d14e8) [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.177] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] GetCurrentThreadId () returned 0x1130 [0238.178] free (_Block=0x1da510) [0238.178] free (_Block=0x31e1e80) [0238.178] free (_Block=0x1d7470) [0238.178] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362d8*, nNumberOfBytesToWrite=0xb6d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesWritten=0x19fbbc*=0xb6d, lpOverlapped=0x0) returned 1 [0238.179] free (_Block=0x31d78e8) [0238.180] free (_Block=0x1d1338) [0238.180] CloseHandle (hObject=0x2b4) returned 1 [0238.180] CloseHandle (hObject=0x404) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.180] SetLastError (dwErrCode=0x0) [0238.180] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0238.181] GetLastError () returned 0x0 [0238.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.181] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}")) returned 0x10 [0238.181] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml")) returned 1 [0238.182] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x8f)) [0238.182] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.182] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.183] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.183] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.183] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.183] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.183] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.183] CloseHandle (hObject=0x404) returned 1 [0238.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0238.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0238.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ]", cchWideChar=75, lpMultiByteStr=0x252c6b0, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[otL~ed%PN\"EHW/|M(*s4~3`W=k\\6-#cVDo?;2U5ARmJ]", lpUsedDefaultChar=0x0) returned 75 [0238.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.192] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE=") returned 172 [0238.192] GetCurrentThreadId () returned 0x1130 [0238.192] GetCurrentThreadId () returned 0x1130 [0238.192] GetCurrentThreadId () returned 0x1130 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.192] SetLastError (dwErrCode=0x0) [0238.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320") returned 0x9c [0238.192] GetLastError () returned 0x0 [0238.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}")) returned 0x10 [0238.193] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].wannacash ncov v310320")) returned 0x20 [0238.193] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [137].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xb6d [0238.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.194] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.194] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.194] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3") returned 197 [0238.194] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.194] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3") returned 197 [0238.194] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xb6d [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:3WCIj/v30oanqZZZuLxZt0LgcPLr6uBn1jSdNePwnd0nsvHCdVmJWFx9J0P6Fx6X2Ngu97BHze3opmFodDPi+5fE21hKQ775UAal2xLDF9rT10Ri+uiMTIhIlSM6Pqk4vX3FkXCCAByQQcOqA9L04deLhNNhIvHYGm56+KeBbxE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.194] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.195] CloseHandle (hObject=0x404) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.195] SetLastError (dwErrCode=0x0) [0238.195] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0238.195] GetLastError () returned 0x0 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=8) returned 1 [0238.195] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml", cchCount2=4) returned 1 [0238.195] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}")) returned 0x10 [0238.195] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml")) returned 0 [0238.196] GetLastError () returned 0x2 [0238.196] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\customizations.xml")) returned 0xffffffff [0238.196] SetLastError (dwErrCode=0x2) [0238.196] GetLastError () returned 0x2 [0238.196] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.196] LocalFree (hMem=0x92fe20) returned 0x0 [0238.196] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.196] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.196] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\\masterdatastore.xml")) returned 0x20 [0238.197] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33310289026) returned 1 [0238.197] GetCurrentThreadId () returned 0x1130 [0238.197] GetCurrentThreadId () returned 0x1130 [0238.197] GetCurrentThreadId () returned 0x1130 [0238.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+C3%pBDVg№QamJHUPUe=zT", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0238.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0238.331] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=">\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT", lpUsedDefaultChar=0x0) returned 30 [0238.331] GetCurrentThreadId () returned 0x1130 [0238.331] GetCurrentThreadId () returned 0x1130 [0238.331] GetCurrentThreadId () returned 0x1130 [0238.331] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.331] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] GetCurrentThreadId () returned 0x1130 [0238.332] malloc (_Size=0x64) returned 0x1d1338 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] GetCurrentThreadId () returned 0x1130 [0238.333] free (_Block=0x1d1338) [0238.333] malloc (_Size=0x60) returned 0x1d1338 [0238.333] free (_Block=0x1d1338) [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cc [0238.333] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.333] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1cc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1cc, lpOverlapped=0x0) returned 1 [0238.335] malloc (_Size=0x8c) returned 0x1d1338 [0238.335] malloc (_Size=0xfc) returned 0x31d75d0 [0238.335] malloc (_Size=0x40) returned 0x1d14e8 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] GetCurrentThreadId () returned 0x1130 [0238.335] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.335] malloc (_Size=0x40) returned 0x1d7470 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] malloc (_Size=0xc) returned 0x31e1d18 [0238.336] malloc (_Size=0x364) returned 0x31d2860 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.336] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] free (_Block=0x1d9aa8) [0238.337] free (_Block=0x1d14e8) [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] GetCurrentThreadId () returned 0x1130 [0238.337] free (_Block=0x31d2860) [0238.337] free (_Block=0x31e1d18) [0238.338] free (_Block=0x1d7470) [0238.338] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0238.339] free (_Block=0x31d75d0) [0238.339] free (_Block=0x1d1338) [0238.339] CloseHandle (hObject=0x2b4) returned 1 [0238.339] CloseHandle (hObject=0x404) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.339] SetLastError (dwErrCode=0x0) [0238.340] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0238.340] GetLastError () returned 0x0 [0238.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.340] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov")) returned 0x10 [0238.340] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\runtime.xml")) returned 1 [0238.341] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x12c)) [0238.341] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.341] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.341] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.341] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.341] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.342] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.342] CloseHandle (hObject=0x404) returned 1 [0238.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[>\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0238.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[>\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0238.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[>\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT]", cchWideChar=55, lpMultiByteStr=0x2516890, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[>\"2ZM4c3T+*1t$zEd*+ukL>UPUe=zT]", lpUsedDefaultChar=0x0) returned 55 [0238.353] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.353] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU=") returned 172 [0238.353] GetCurrentThreadId () returned 0x1130 [0238.353] GetCurrentThreadId () returned 0x1130 [0238.353] GetCurrentThreadId () returned 0x1130 [0238.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.354] SetLastError (dwErrCode=0x0) [0238.354] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320") returned 0xa1 [0238.354] GetLastError () returned 0x0 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.354] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov")) returned 0x10 [0238.354] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].wannacash ncov v310320")) returned 0x20 [0238.355] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [142].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0238.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.355] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.355] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.355] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.356] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3") returned 197 [0238.356] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.356] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3") returned 197 [0238.356] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0238.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DbLY1rZDTcX+wJ7hOTlj+WCGQZO7mEcs6AcO9Jp+lqna5kAUZ9VnkrWRyZefK9ZwRzRO8nIXqFtGYuVee5b8J43lkHEaK+fSwLLyRU+F2vlWZZok4lcn7Zh3BxdZI4iT5tKZLXZiSJ68oVPsRVaAyshDEcFQ63lHCqTJXxpReVU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.356] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.356] CloseHandle (hObject=0x404) returned 1 [0238.356] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.356] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.357] SetLastError (dwErrCode=0x0) [0238.357] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0238.357] GetLastError () returned 0x0 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.357] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov")) returned 0x10 [0238.357] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\runtime.xml")) returned 0 [0238.357] GetLastError () returned 0x2 [0238.357] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\\prov\\runtime.xml")) returned 0xffffffff [0238.357] SetLastError (dwErrCode=0x2) [0238.357] GetLastError () returned 0x2 [0238.358] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.358] LocalFree (hMem=0x92fe20) returned 0x0 [0238.358] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.358] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.358] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml")) returned 0x20 [0238.358] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33326464588) returned 1 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0238.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0238.359] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP", cchWideChar=38, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="~xOq*=3w+h$vmDGâ\x84\x96P:cRPf+4>M2o\"6~qen|#BP", lpUsedDefaultChar=0x0) returned 40 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] GetCurrentThreadId () returned 0x1130 [0238.359] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.359] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.363] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] malloc (_Size=0x64) returned 0x1d1338 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] GetCurrentThreadId () returned 0x1130 [0238.364] free (_Block=0x1d1338) [0238.364] malloc (_Size=0x60) returned 0x1d1338 [0238.364] free (_Block=0x1d1338) [0238.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x67b [0238.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x67b [0238.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.365] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x67b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x67b, lpOverlapped=0x0) returned 1 [0238.367] malloc (_Size=0x8c) returned 0x1d1338 [0238.367] malloc (_Size=0xfc) returned 0x31d73c0 [0238.367] malloc (_Size=0x40) returned 0x1d14e8 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.367] GetCurrentThreadId () returned 0x1130 [0238.368] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.368] malloc (_Size=0x40) returned 0x1d7470 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] malloc (_Size=0xc) returned 0x31e1d18 [0238.368] malloc (_Size=0x720) returned 0x31d2860 [0238.368] malloc (_Size=0xbdc) returned 0x1da510 [0238.368] free (_Block=0x31d2860) [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.368] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] free (_Block=0x1d9aa8) [0238.369] free (_Block=0x1d14e8) [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] GetCurrentThreadId () returned 0x1130 [0238.369] free (_Block=0x1da510) [0238.369] free (_Block=0x31e1d18) [0238.369] free (_Block=0x1d7470) [0238.369] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c66f8*, nNumberOfBytesToWrite=0x8e3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c66f8*, lpNumberOfBytesWritten=0x19fbbc*=0x8e3, lpOverlapped=0x0) returned 1 [0238.370] free (_Block=0x31d73c0) [0238.370] free (_Block=0x1d1338) [0238.370] CloseHandle (hObject=0x2b4) returned 1 [0238.371] CloseHandle (hObject=0x404) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.371] SetLastError (dwErrCode=0x0) [0238.371] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0238.371] GetLastError () returned 0x0 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.371] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.371] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.372] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml")) returned 1 [0238.373] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x14b)) [0238.373] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.373] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.373] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.374] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.374] CloseHandle (hObject=0x404) returned 1 [0238.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0238.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0238.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[~xOq*=3w+h$vmDG№P:cRPf+4>M2o\"6~qen|#BP]", cchWideChar=70, lpMultiByteStr=0x252c6b0, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[~xOq*=3w+h$vmDG?P:cRPf+4>M2o\"6~qen|#BP]", lpUsedDefaultChar=0x0) returned 70 [0238.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.381] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo=") returned 172 [0238.381] GetCurrentThreadId () returned 0x1130 [0238.381] GetCurrentThreadId () returned 0x1130 [0238.381] GetCurrentThreadId () returned 0x1130 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.382] SetLastError (dwErrCode=0x0) [0238.382] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320") returned 0x9c [0238.382] GetLastError () returned 0x0 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.382] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.382] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.382] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].wannacash ncov v310320")) returned 0x20 [0238.382] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [143].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.382] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.382] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.383] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x8e3 [0238.383] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.383] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.383] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.383] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3") returned 197 [0238.383] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.383] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3") returned 197 [0238.383] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x8e3 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.383] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VfMClBjSqzmCNtRnUzlL5z6vQ5yeq7pV2U+YuGE2+5U7Duh6N+EJJcC0mZBCyIsGzWPGVVkQ8/yHtruQ1XOgoaLJd0pHlm7ApXbthckbkD4eSOySyGVs4GgQTi2DUmiB2HjTrmoBqYY1WtPulxQtftsYImxZFLMEh5isQjeKWzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.383] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.383] CloseHandle (hObject=0x404) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.384] SetLastError (dwErrCode=0x0) [0238.384] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0238.384] GetLastError () returned 0x0 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=8) returned 1 [0238.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml", cchCount2=4) returned 1 [0238.384] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.384] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml")) returned 0 [0238.384] GetLastError () returned 0x2 [0238.385] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\customizations.xml")) returned 0xffffffff [0238.385] SetLastError (dwErrCode=0x2) [0238.385] GetLastError () returned 0x2 [0238.385] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.385] LocalFree (hMem=0x92fe20) returned 0x0 [0238.385] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.385] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.385] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\masterdatastore.xml")) returned 0x20 [0238.385] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33329167502) returned 1 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0238.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0238.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb", lpUsedDefaultChar=0x0) returned 29 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\masterdatastore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.386] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.386] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] malloc (_Size=0x64) returned 0x1d1338 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] GetCurrentThreadId () returned 0x1130 [0238.387] free (_Block=0x1d1338) [0238.387] malloc (_Size=0x60) returned 0x1d1338 [0238.387] free (_Block=0x1d1338) [0238.387] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.387] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0238.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10f [0238.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.388] ReadFile (in: hFile=0x404, lpBuffer=0x247e808, nNumberOfBytesToRead=0x10f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x247e808*, lpNumberOfBytesRead=0x19fbc8*=0x10f, lpOverlapped=0x0) returned 1 [0238.389] malloc (_Size=0x8c) returned 0x1d1338 [0238.389] malloc (_Size=0xfc) returned 0x31d78e8 [0238.389] malloc (_Size=0x40) returned 0x1d14e8 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.389] malloc (_Size=0x40) returned 0x1d7470 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.389] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] malloc (_Size=0xc) returned 0x31e1d18 [0238.390] malloc (_Size=0x20c) returned 0x31d2860 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] free (_Block=0x1d9aa8) [0238.390] free (_Block=0x1d14e8) [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.390] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] GetCurrentThreadId () returned 0x1130 [0238.391] free (_Block=0x31d2860) [0238.391] free (_Block=0x31e1d18) [0238.391] free (_Block=0x1d7470) [0238.391] WriteFile (in: hFile=0x2b4, lpBuffer=0x2456078*, nNumberOfBytesToWrite=0x186, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2456078*, lpNumberOfBytesWritten=0x19fbbc*=0x186, lpOverlapped=0x0) returned 1 [0238.392] free (_Block=0x31d78e8) [0238.392] free (_Block=0x1d1338) [0238.392] CloseHandle (hObject=0x2b4) returned 1 [0238.393] CloseHandle (hObject=0x404) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.393] SetLastError (dwErrCode=0x0) [0238.393] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", lpFilePart=0x19f9f8*="MasterDatastore.xml") returned 0x64 [0238.393] GetLastError () returned 0x0 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.393] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.393] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.394] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\masterdatastore.xml")) returned 1 [0238.395] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x16a)) [0238.395] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.395] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.395] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.395] CloseHandle (hObject=0x404) returned 1 [0238.395] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0238.395] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0238.396] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MasterDatastore.xml]omgp:[K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb]", cchWideChar=62, lpMultiByteStr=0x2541d78, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MasterDatastore.xml]omgp:[K|uvN2u>Bw4d93k+eZB%Ie&eeKWcb]", lpUsedDefaultChar=0x0) returned 62 [0238.402] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.402] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0=") returned 172 [0238.402] GetCurrentThreadId () returned 0x1130 [0238.402] GetCurrentThreadId () returned 0x1130 [0238.402] GetCurrentThreadId () returned 0x1130 [0238.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.403] SetLastError (dwErrCode=0x0) [0238.403] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320") returned 0x9c [0238.403] GetLastError () returned 0x0 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.403] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.403] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].wannacash ncov v310320")) returned 0x20 [0238.403] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [144].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x186 [0238.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.404] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.404] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.404] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3") returned 197 [0238.404] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.404] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3") returned 197 [0238.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x186 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DxWWBWRo1ZvmQ96N+AGFHTJxGaFiiruF8ggp9kRmacgrI+oN5GG2Ph6MT3iv3dIsivA4RZKCc6pNaNCqJs5flTCPD3zB8qrbbXO6p3obaiufFYBlRPHKDiV4qBIv93ezAyrB7pT51KWiXO1x+JChl2lmUvbDGNB4Zpl+EKe5fk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.404] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.416] CloseHandle (hObject=0x404) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.417] SetLastError (dwErrCode=0x0) [0238.417] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", lpFilePart=0x19fa34*="MasterDatastore.xml") returned 0x64 [0238.417] GetLastError () returned 0x0 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=8) returned 1 [0238.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml", cchCount2=4) returned 1 [0238.417] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}")) returned 0x10 [0238.417] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\masterdatastore.xml")) returned 0 [0238.417] GetLastError () returned 0x2 [0238.418] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\masterdatastore.xml")) returned 0xffffffff [0238.418] SetLastError (dwErrCode=0x2) [0238.418] GetLastError () returned 0x2 [0238.418] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.418] LocalFree (hMem=0x92fe20) returned 0x0 [0238.418] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.418] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.418] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\runtime.xml")) returned 0x20 [0238.419] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33332471302) returned 1 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0238.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0238.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@BAF8f!>>bâ\x84\x96*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}", lpUsedDefaultChar=0x0) returned 48 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] GetCurrentThreadId () returned 0x1130 [0238.419] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\runtime.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.419] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] GetCurrentThreadId () returned 0x1130 [0238.420] malloc (_Size=0x64) returned 0x1d1338 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] GetCurrentThreadId () returned 0x1130 [0238.421] free (_Block=0x1d1338) [0238.421] malloc (_Size=0x60) returned 0x1d1338 [0238.421] free (_Block=0x1d1338) [0238.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x222 [0238.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x222 [0238.422] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.422] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x222, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x222, lpOverlapped=0x0) returned 1 [0238.423] malloc (_Size=0x8c) returned 0x1d1338 [0238.424] malloc (_Size=0xfc) returned 0x31d73c0 [0238.424] malloc (_Size=0x40) returned 0x1d14e8 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.424] malloc (_Size=0x40) returned 0x1d7470 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.424] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] malloc (_Size=0xc) returned 0x31e1dc0 [0238.425] malloc (_Size=0x414) returned 0x31d2860 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] GetCurrentThreadId () returned 0x1130 [0238.425] free (_Block=0x1d9aa8) [0238.425] free (_Block=0x1d14e8) [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.426] GetCurrentThreadId () returned 0x1130 [0238.427] free (_Block=0x31d2860) [0238.427] free (_Block=0x31e1dc0) [0238.427] free (_Block=0x1d7470) [0238.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bdaf8*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bdaf8*, lpNumberOfBytesWritten=0x19fbbc*=0x30c, lpOverlapped=0x0) returned 1 [0238.429] free (_Block=0x31d73c0) [0238.429] free (_Block=0x1d1338) [0238.429] CloseHandle (hObject=0x2b4) returned 1 [0238.430] CloseHandle (hObject=0x404) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.430] SetLastError (dwErrCode=0x0) [0238.430] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", lpFilePart=0x19f9f8*="RunTime.xml") returned 0x61 [0238.430] GetLastError () returned 0x0 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.430] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov")) returned 0x10 [0238.431] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\runtime.xml")) returned 1 [0238.432] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x189)) [0238.432] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.432] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.433] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.433] CloseHandle (hObject=0x404) returned 1 [0238.433] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0238.433] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0238.433] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RunTime.xml]omgp:[@BAF8f!>>b№*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}]", cchWideChar=71, lpMultiByteStr=0x252c6b0, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RunTime.xml]omgp:[@BAF8f!>>b?*C8Tk$.,oqm_Q5e>J%?Jl8H#7pAtPK>Zwh}]", lpUsedDefaultChar=0x0) returned 71 [0238.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.442] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434788, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI=") returned 172 [0238.442] GetCurrentThreadId () returned 0x1130 [0238.442] GetCurrentThreadId () returned 0x1130 [0238.442] GetCurrentThreadId () returned 0x1130 [0238.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.443] SetLastError (dwErrCode=0x0) [0238.443] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320") returned 0xa1 [0238.443] GetLastError () returned 0x0 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.443] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov")) returned 0x10 [0238.443] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].wannacash ncov v310320")) returned 0x20 [0238.443] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\Файл зашифрован. Пиши. Почта clubnika@elude.in [145].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x30c [0238.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.444] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.444] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.444] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.444] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.444] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3") returned 197 [0238.444] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.444] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3") returned 197 [0238.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x30c [0238.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qBq9bqPwXRMjEqTaYd0DJmBuCdCDFIGRMSQnKEN+PagIgDBMAwrGtwSTkGa1SssNrqOWuoFQt32xhIn5z0dUGNVKHs1VUjUr1seRYt6voYPNdr3adBtSc55S5CTwOCG+1nif9DCc1IaFnlsTluqfdm16FyyGKHFnscfVRTBGdWI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.445] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.445] CloseHandle (hObject=0x404) returned 1 [0238.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.446] SetLastError (dwErrCode=0x0) [0238.446] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", lpFilePart=0x19fa34*="RunTime.xml") returned 0x61 [0238.446] GetLastError () returned 0x0 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=8) returned 1 [0238.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml", cchCount2=4) returned 1 [0238.446] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov")) returned 0x10 [0238.446] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\runtime.xml")) returned 0 [0238.446] GetLastError () returned 0x2 [0238.446] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\Prov\\RunTime.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c5dc3753-b6c8-4057-b396-bf13d769311c}\\prov\\runtime.xml")) returned 0xffffffff [0238.446] SetLastError (dwErrCode=0x2) [0238.446] GetLastError () returned 0x2 [0238.446] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.446] LocalFree (hMem=0x92fe20) returned 0x0 [0238.446] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.447] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.447] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml")) returned 0x20 [0238.447] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33335355337) returned 1 [0238.447] GetCurrentThreadId () returned 0x1130 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0238.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0238.448] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6", cchWideChar=41, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6", lpUsedDefaultChar=0x0) returned 41 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.448] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.448] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0238.448] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] malloc (_Size=0x64) returned 0x1d1338 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] GetCurrentThreadId () returned 0x1130 [0238.449] free (_Block=0x1d1338) [0238.449] malloc (_Size=0x60) returned 0x1d1338 [0238.450] free (_Block=0x1d1338) [0238.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x9ba5b [0238.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.450] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe10000 [0238.465] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x9ba5b [0238.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0238.466] ReadFile (in: hFile=0x404, lpBuffer=0x7fe10018, nNumberOfBytesToRead=0x9ba5b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe10018*, lpNumberOfBytesRead=0x19fbc8*=0x9ba5b, lpOverlapped=0x0) returned 1 [0238.476] malloc (_Size=0x8c) returned 0x1d1338 [0238.476] malloc (_Size=0xfc) returned 0x31d73c0 [0238.476] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0238.488] malloc (_Size=0x40) returned 0x1d14e8 [0238.488] GetCurrentThreadId () returned 0x1130 [0238.488] GetCurrentThreadId () returned 0x1130 [0238.488] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] malloc (_Size=0xa5c) returned 0x1d9aa8 [0238.489] malloc (_Size=0x40) returned 0x1d7470 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] GetCurrentThreadId () returned 0x1130 [0238.489] malloc (_Size=0xc) returned 0x31e1ca0 [0238.489] malloc (_Size=0x720) returned 0x31d2860 [0238.489] malloc (_Size=0xe3c) returned 0x1da510 [0238.490] free (_Block=0x31d2860) [0238.490] malloc (_Size=0x15ac) returned 0x1db358 [0238.490] free (_Block=0x1da510) [0238.490] malloc (_Size=0x23e4) returned 0x1dc910 [0238.490] free (_Block=0x1db358) [0238.490] malloc (_Size=0x3274) returned 0x31e40b0 [0238.491] free (_Block=0x1dc910) [0238.491] malloc (_Size=0x4820) returned 0x1da510 [0238.491] free (_Block=0x31e40b0) [0238.491] malloc (_Size=0x64e4) returned 0x31e40b0 [0238.491] free (_Block=0x1da510) [0238.492] malloc (_Size=0x8920) returned 0x31ea5a0 [0238.493] free (_Block=0x31e40b0) [0238.493] malloc (_Size=0xbb90) returned 0x31f2ec8 [0238.493] free (_Block=0x31ea5a0) [0238.493] malloc (_Size=0xfc90) returned 0x31fea60 [0238.494] free (_Block=0x31f2ec8) [0238.494] malloc (_Size=0x1533c) returned 0x31e40b0 [0238.495] free (_Block=0x31fea60) [0238.495] malloc (_Size=0x1c704) returned 0x31f93f8 [0238.496] free (_Block=0x31e40b0) [0238.496] malloc (_Size=0x265c8) returned 0x3a60048 [0238.497] free (_Block=0x31f93f8) [0238.497] malloc (_Size=0x33758) returned 0x31e40b0 [0238.497] free (_Block=0x3a60048) [0238.498] malloc (_Size=0x45104) returned 0x3a60048 [0238.499] free (_Block=0x31e40b0) [0238.499] malloc (_Size=0x5c874) returned 0x31e40b0 [0238.512] free (_Block=0x3a60048) [0238.513] malloc (_Size=0x7bac8) returned 0x3a60048 [0238.514] free (_Block=0x31e40b0) [0238.518] malloc (_Size=0xa5358) returned 0xa0f020 [0238.524] free (_Block=0x3a60048) [0238.526] malloc (_Size=0xdcbac) returned 0x2d14020 [0238.535] free (_Block=0xa0f020) [0238.541] VirtualAlloc (lpAddress=0x0, dwSize=0xe0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fc90000 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.570] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] free (_Block=0x1d9aa8) [0238.571] free (_Block=0x1d14e8) [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.571] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.572] GetCurrentThreadId () returned 0x1130 [0238.573] free (_Block=0x2d14020) [0238.578] free (_Block=0x31e1ca0) [0238.578] free (_Block=0x1d7470) [0238.579] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fc90018*, nNumberOfBytesToWrite=0xd2c7b, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fc90018*, lpNumberOfBytesWritten=0x19fbbc*=0xd2c7b, lpOverlapped=0x0) returned 1 [0238.668] free (_Block=0x31d73c0) [0238.668] free (_Block=0x1d1338) [0238.668] VirtualFree (lpAddress=0x7fc90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0238.674] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0238.678] VirtualFree (lpAddress=0x7fe10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0238.678] CloseHandle (hObject=0x2b4) returned 1 [0238.679] CloseHandle (hObject=0x404) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.679] SetLastError (dwErrCode=0x0) [0238.679] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", lpFilePart=0x19f9f8*="customizations.xml") returned 0x63 [0238.679] GetLastError () returned 0x0 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.680] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}")) returned 0x10 [0238.680] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml")) returned 1 [0238.730] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0xe, wMilliseconds=0x2b2)) [0238.730] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0238.730] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.730] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0238.730] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.730] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0238.730] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0238.730] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0238.730] CloseHandle (hObject=0x404) returned 1 [0238.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0238.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0238.731] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[customizations.xml]omgp:[$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6]", cchWideChar=73, lpMultiByteStr=0x252c6b0, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[customizations.xml]omgp:[$O}kxm_df38}4q:wvze1/eKI@Tj^N,Re(+MmvW()6]", lpUsedDefaultChar=0x0) returned 73 [0238.740] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0238.740] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc=") returned 172 [0238.741] GetCurrentThreadId () returned 0x1130 [0238.741] GetCurrentThreadId () returned 0x1130 [0238.741] GetCurrentThreadId () returned 0x1130 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.741] SetLastError (dwErrCode=0x0) [0238.741] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320") returned 0x9c [0238.741] GetLastError () returned 0x0 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0238.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0238.741] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}")) returned 0x10 [0238.741] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].wannacash ncov v310320")) returned 0x20 [0238.741] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [146].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0238.742] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0238.742] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.742] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xd2c7b [0238.742] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0238.742] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0238.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.742] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.742] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.742] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.742] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3") returned 197 [0238.742] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0238.742] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3") returned 197 [0238.742] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xd2c7b [0238.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0238.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/tCs3sO1WbPpphPZKIXSS+Q2o22UzoXBlWoYOYmBF3PsrVVfaJw6Fy4vOXPFeHDTlmhK63nFTT7+VLr0/6e1PJtv5TcM339XSo2360jn7r20FuIMAdpAqsk51Wmhwr9G5DLCoEndaiy4oiYVugKEFF9DStLm+qTdbFpgW0Ztplc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0238.743] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0238.743] CloseHandle (hObject=0x404) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.743] SetLastError (dwErrCode=0x0) [0238.743] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", lpFilePart=0x19fa34*="customizations.xml") returned 0x63 [0238.743] GetLastError () returned 0x0 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=8) returned 1 [0238.744] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml", cchCount2=4) returned 1 [0238.744] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}")) returned 0x10 [0238.744] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml")) returned 0 [0238.744] GetLastError () returned 0x2 [0238.744] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\customizations.xml")) returned 0xffffffff [0238.744] SetLastError (dwErrCode=0x2) [0238.744] GetLastError () returned 0x2 [0238.744] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0238.744] LocalFree (hMem=0x92fe20) returned 0x0 [0238.744] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0238.744] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0238.745] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\MasterDatastore.xml" (normalized: "c:\\users\\all users\\microsoft\\provisioning\\{c8a326e4-f518-4f14-b543-97a57e1a975e}\\masterdatastore.xml")) returned 0x20 [0238.745] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33365090277) returned 1 [0238.745] GetCurrentThreadId () returned 0x1130 [0238.745] GetCurrentThreadId () returned 0x1130 [0238.745] GetCurrentThreadId () returned 0x1130 [0238.745] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="y3TVXG;XiVoFI7C,$h\\jg~u/!;$*$Uo", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0239.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rCAx\"K=@VHWY9e%`Imzjq}{;>u/!;$*$Uo", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0239.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rCAx\"K=@VHWY9e%`Imzjq}{;>u/!;$*$Uo", cchWideChar=34, lpMultiByteStr=0x250f7b8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rCAx\"K=@VHWY9e%`Imzjq}{;>u/!;$*$Uo", lpUsedDefaultChar=0x0) returned 34 [0239.317] GetCurrentThreadId () returned 0x1130 [0239.317] GetCurrentThreadId () returned 0x1130 [0239.317] GetCurrentThreadId () returned 0x1130 [0239.317] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftinternetexplorer2013.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.317] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [162].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [162].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] malloc (_Size=0x64) returned 0x1d1338 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] GetCurrentThreadId () returned 0x1130 [0239.318] free (_Block=0x1d1338) [0239.319] malloc (_Size=0x60) returned 0x1d1338 [0239.319] free (_Block=0x1d1338) [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc27 [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc27 [0239.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.319] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc27, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc27, lpOverlapped=0x0) returned 1 [0239.339] malloc (_Size=0x8c) returned 0x1d1338 [0239.339] malloc (_Size=0xfc) returned 0x31d7f18 [0239.339] malloc (_Size=0x40) returned 0x1d14e8 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.339] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.340] malloc (_Size=0x40) returned 0x1d7470 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] GetCurrentThreadId () returned 0x1130 [0239.340] malloc (_Size=0xc) returned 0x31e1ec8 [0239.340] malloc (_Size=0x720) returned 0x31d2860 [0239.340] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.341] free (_Block=0x31d2860) [0239.341] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.341] free (_Block=0x1d9aa8) [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.341] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] free (_Block=0x31e40b0) [0239.342] free (_Block=0x1d14e8) [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] GetCurrentThreadId () returned 0x1130 [0239.342] free (_Block=0x1da8f0) [0239.342] free (_Block=0x31e1ec8) [0239.343] free (_Block=0x1d7470) [0239.343] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x109a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x109a, lpOverlapped=0x0) returned 1 [0239.344] free (_Block=0x31d7f18) [0239.344] free (_Block=0x1d1338) [0239.344] CloseHandle (hObject=0x2b4) returned 1 [0239.344] CloseHandle (hObject=0x404) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=8) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=4) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=8) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=4) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=8) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=4) returned 1 [0239.345] SetLastError (dwErrCode=0x0) [0239.345] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", lpFilePart=0x19f9f8*="MicrosoftInternetExplorer2013.xml") returned 0x51 [0239.345] GetLastError () returned 0x0 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=8) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=4) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=8) returned 1 [0239.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml", cchCount2=4) returned 1 [0239.345] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.345] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftinternetexplorer2013.xml")) returned 0 [0239.346] GetLastError () returned 0x5 [0239.346] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftinternetexplorer2013.xml")) returned 0x20 [0239.346] SetLastError (dwErrCode=0x5) [0239.346] GetLastError () returned 0x5 [0239.346] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.346] LocalFree (hMem=0x9509e0) returned 0x0 [0239.346] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.347] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.347] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftInternetExplorer2013Backup.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftinternetexplorer2013backup.xml")) returned 0x20 [0239.347] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33425346458) returned 1 [0239.347] GetCurrentThreadId () returned 0x1130 [0239.347] GetCurrentThreadId () returned 0x1130 [0239.347] GetCurrentThreadId () returned 0x1130 [0239.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":KF!<~;Cv>UQduaF№oTe8lB.", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0239.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}~|FC@$ABsXx>\";#vsZkpoRW5\"nc-~/>Te8lB.", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0239.516] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}~|FC@$ABsXx>\";#vsZkpoRW5\"nc-~/>Te8lB.", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}~|FC@$ABsXx>\";#vsZkpoRW5\"nc-~/>Te8lB.c9T)shqPR\x02\x01", lpUsedDefaultChar=0x0) returned 38 [0239.516] GetCurrentThreadId () returned 0x1130 [0239.516] GetCurrentThreadId () returned 0x1130 [0239.516] GetCurrentThreadId () returned 0x1130 [0239.516] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2010win64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.516] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [169].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [169].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] malloc (_Size=0x64) returned 0x1d1338 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.517] GetCurrentThreadId () returned 0x1130 [0239.518] GetCurrentThreadId () returned 0x1130 [0239.518] GetCurrentThreadId () returned 0x1130 [0239.518] GetCurrentThreadId () returned 0x1130 [0239.518] free (_Block=0x1d1338) [0239.518] malloc (_Size=0x60) returned 0x1d1338 [0239.518] free (_Block=0x1d1338) [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11c51 [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11c51 [0239.518] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.518] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x11c51, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x11c51, lpOverlapped=0x0) returned 1 [0239.521] malloc (_Size=0x8c) returned 0x1d1338 [0239.521] malloc (_Size=0xfc) returned 0x31d78e8 [0239.521] malloc (_Size=0x40) returned 0x1d14e8 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.521] malloc (_Size=0x40) returned 0x1d7470 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.521] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] GetCurrentThreadId () returned 0x1130 [0239.522] malloc (_Size=0xc) returned 0x31e1dc0 [0239.522] malloc (_Size=0x720) returned 0x31d2860 [0239.522] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.522] free (_Block=0x31d2860) [0239.522] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.523] free (_Block=0x1d9aa8) [0239.523] malloc (_Size=0x23e4) returned 0x1dbea8 [0239.523] free (_Block=0x1da8f0) [0239.523] malloc (_Size=0x3274) returned 0x3a60048 [0239.523] free (_Block=0x1dbea8) [0239.523] malloc (_Size=0x4820) returned 0x1d9aa8 [0239.524] free (_Block=0x3a60048) [0239.524] malloc (_Size=0x64e4) returned 0x3a60048 [0239.524] free (_Block=0x1d9aa8) [0239.525] malloc (_Size=0x8920) returned 0x3a66538 [0239.525] free (_Block=0x3a60048) [0239.525] malloc (_Size=0xbb90) returned 0x3a6ee60 [0239.526] free (_Block=0x3a66538) [0239.526] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0239.527] free (_Block=0x3a6ee60) [0239.527] malloc (_Size=0x1533c) returned 0x3a60048 [0239.528] free (_Block=0x3a7a9f8) [0239.529] malloc (_Size=0x1c704) returned 0x3a75390 [0239.529] free (_Block=0x3a60048) [0239.529] GetCurrentThreadId () returned 0x1130 [0239.529] GetCurrentThreadId () returned 0x1130 [0239.529] GetCurrentThreadId () returned 0x1130 [0239.529] GetCurrentThreadId () returned 0x1130 [0239.529] GetCurrentThreadId () returned 0x1130 [0239.529] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] free (_Block=0x31e40b0) [0239.530] free (_Block=0x1d14e8) [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.530] GetCurrentThreadId () returned 0x1130 [0239.531] GetCurrentThreadId () returned 0x1130 [0239.531] GetCurrentThreadId () returned 0x1130 [0239.531] GetCurrentThreadId () returned 0x1130 [0239.531] GetCurrentThreadId () returned 0x1130 [0239.531] free (_Block=0x3a75390) [0239.531] free (_Block=0x31e1dc0) [0239.531] free (_Block=0x1d7470) [0239.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x39da208*, nNumberOfBytesToWrite=0x1812d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39da208*, lpNumberOfBytesWritten=0x19fbbc*=0x1812d, lpOverlapped=0x0) returned 1 [0239.550] free (_Block=0x31d78e8) [0239.550] free (_Block=0x1d1338) [0239.550] CloseHandle (hObject=0x2b4) returned 1 [0239.551] CloseHandle (hObject=0x404) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=8) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=4) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=8) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=4) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=8) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=4) returned 1 [0239.551] SetLastError (dwErrCode=0x0) [0239.551] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", lpFilePart=0x19f9f8*="MicrosoftOffice2010Win64.xml") returned 0x4c [0239.551] GetLastError () returned 0x0 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=8) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=4) returned 1 [0239.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=8) returned 1 [0239.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml", cchCount2=4) returned 1 [0239.552] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.552] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2010win64.xml")) returned 0 [0239.552] GetLastError () returned 0x5 [0239.552] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2010Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2010win64.xml")) returned 0x20 [0239.552] SetLastError (dwErrCode=0x5) [0239.552] GetLastError () returned 0x5 [0239.552] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.552] LocalFree (hMem=0x950b90) returned 0x0 [0239.552] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.553] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.553] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin32.xml")) returned 0x20 [0239.553] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33445944838) returned 1 [0239.553] GetCurrentThreadId () returned 0x1130 [0239.553] GetCurrentThreadId () returned 0x1130 [0239.553] GetCurrentThreadId () returned 0x1130 [0239.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A&b}-HW,Ve>/I%.M+f^K&z\"NP+pr_W", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A&b}-HW,Ve>/I%.M+f^K&z\"NP+pr_W", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A&b}-HW,Ve>/I%.M+f^K&z\"NP+pr_W", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A&b}-HW,Ve>/I%.M+f^K&z\"NP+pr_WÿxqJOS\x11øP\x02", lpUsedDefaultChar=0x0) returned 30 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin32.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.554] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [170].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [170].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.554] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] malloc (_Size=0x64) returned 0x1d1338 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] GetCurrentThreadId () returned 0x1130 [0239.555] free (_Block=0x1d1338) [0239.555] malloc (_Size=0x60) returned 0x1d1338 [0239.555] free (_Block=0x1d1338) [0239.555] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.555] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3368 [0239.555] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3368 [0239.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.556] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3368, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3368, lpOverlapped=0x0) returned 1 [0239.558] malloc (_Size=0x8c) returned 0x1d1338 [0239.558] malloc (_Size=0xfc) returned 0x31d7f18 [0239.558] malloc (_Size=0x40) returned 0x1d14e8 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.558] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.559] malloc (_Size=0x40) returned 0x1d7470 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] GetCurrentThreadId () returned 0x1130 [0239.559] malloc (_Size=0xc) returned 0x31e1dc0 [0239.559] malloc (_Size=0x720) returned 0x31d2860 [0239.559] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.560] free (_Block=0x31d2860) [0239.560] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.560] free (_Block=0x1d9aa8) [0239.560] malloc (_Size=0x23e4) returned 0x1dbea8 [0239.560] free (_Block=0x1da8f0) [0239.560] malloc (_Size=0x3274) returned 0x3a60048 [0239.560] free (_Block=0x1dbea8) [0239.561] malloc (_Size=0x4820) returned 0x1d9aa8 [0239.561] free (_Block=0x3a60048) [0239.561] GetCurrentThreadId () returned 0x1130 [0239.561] GetCurrentThreadId () returned 0x1130 [0239.561] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] free (_Block=0x31e40b0) [0239.562] free (_Block=0x1d14e8) [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.562] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] GetCurrentThreadId () returned 0x1130 [0239.563] free (_Block=0x1d9aa8) [0239.563] free (_Block=0x31e1dc0) [0239.563] free (_Block=0x1d7470) [0239.563] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd008*, nNumberOfBytesToWrite=0x45bf, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd008*, lpNumberOfBytesWritten=0x19fbbc*=0x45bf, lpOverlapped=0x0) returned 1 [0239.565] free (_Block=0x31d7f18) [0239.565] free (_Block=0x1d1338) [0239.565] CloseHandle (hObject=0x2b4) returned 1 [0239.566] CloseHandle (hObject=0x404) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=8) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=4) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=8) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=4) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=8) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=4) returned 1 [0239.566] SetLastError (dwErrCode=0x0) [0239.566] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", lpFilePart=0x19f9f8*="MicrosoftOffice2013BackupWin32.xml") returned 0x52 [0239.566] GetLastError () returned 0x0 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=8) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=4) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=8) returned 1 [0239.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml", cchCount2=4) returned 1 [0239.566] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.567] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin32.xml")) returned 0 [0239.567] GetLastError () returned 0x5 [0239.567] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin32.xml")) returned 0x20 [0239.567] SetLastError (dwErrCode=0x5) [0239.567] GetLastError () returned 0x5 [0239.567] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.567] LocalFree (hMem=0x9508c0) returned 0x0 [0239.567] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.567] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.568] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin64.xml")) returned 0x20 [0239.568] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33447413370) returned 1 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="k=k%m4&fv7igIZ*5w#clB*=(-n!,xX", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="k=k%m4&fv7igIZ*5w#clB*=(-n!,xX", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.568] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="k=k%m4&fv7igIZ*5w#clB*=(-n!,xX", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="k=k%m4&fv7igIZ*5w#clB*=(-n!,xXÿxqJOS\x11øP\x02", lpUsedDefaultChar=0x0) returned 30 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] GetCurrentThreadId () returned 0x1130 [0239.568] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.569] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [171].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [171].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] GetCurrentThreadId () returned 0x1130 [0239.569] malloc (_Size=0x64) returned 0x1d1338 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] GetCurrentThreadId () returned 0x1130 [0239.570] free (_Block=0x1d1338) [0239.570] malloc (_Size=0x60) returned 0x1d1338 [0239.570] free (_Block=0x1d1338) [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3368 [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3368 [0239.570] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.570] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3368, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3368, lpOverlapped=0x0) returned 1 [0239.573] malloc (_Size=0x8c) returned 0x1d1338 [0239.573] malloc (_Size=0xfc) returned 0x31d7f18 [0239.573] malloc (_Size=0x40) returned 0x1d14e8 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.573] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.573] malloc (_Size=0x40) returned 0x1d7470 [0239.573] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] GetCurrentThreadId () returned 0x1130 [0239.574] malloc (_Size=0xc) returned 0x31e1ca0 [0239.574] malloc (_Size=0x720) returned 0x31d2860 [0239.574] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.574] free (_Block=0x31d2860) [0239.575] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.575] free (_Block=0x1d9aa8) [0239.575] malloc (_Size=0x23e4) returned 0x1dbea8 [0239.575] free (_Block=0x1da8f0) [0239.575] malloc (_Size=0x3274) returned 0x3a60048 [0239.575] free (_Block=0x1dbea8) [0239.575] malloc (_Size=0x4820) returned 0x1d9aa8 [0239.575] free (_Block=0x3a60048) [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] free (_Block=0x31e40b0) [0239.576] free (_Block=0x1d14e8) [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.576] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] GetCurrentThreadId () returned 0x1130 [0239.577] free (_Block=0x1d9aa8) [0239.577] free (_Block=0x31e1ca0) [0239.577] free (_Block=0x1d7470) [0239.577] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd008*, nNumberOfBytesToWrite=0x45bf, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd008*, lpNumberOfBytesWritten=0x19fbbc*=0x45bf, lpOverlapped=0x0) returned 1 [0239.579] free (_Block=0x31d7f18) [0239.579] free (_Block=0x1d1338) [0239.579] CloseHandle (hObject=0x2b4) returned 1 [0239.580] CloseHandle (hObject=0x404) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=8) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=4) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=8) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=4) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=8) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=4) returned 1 [0239.580] SetLastError (dwErrCode=0x0) [0239.580] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", lpFilePart=0x19f9f8*="MicrosoftOffice2013BackupWin64.xml") returned 0x52 [0239.580] GetLastError () returned 0x0 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=8) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=4) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=8) returned 1 [0239.580] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml", cchCount2=4) returned 1 [0239.580] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.581] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin64.xml")) returned 0 [0239.581] GetLastError () returned 0x5 [0239.581] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013BackupWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013backupwin64.xml")) returned 0x20 [0239.581] SetLastError (dwErrCode=0x5) [0239.581] GetLastError () returned 0x5 [0239.581] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.581] LocalFree (hMem=0x950a10) returned 0x0 [0239.581] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.581] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.582] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win32.xml")) returned 0x20 [0239.582] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33448821956) returned 1 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oy`wQ^OLY+o++\"gJN4SNJ=&H85*$7e,URv=#86#G2.", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0239.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oy`wQ^OLY+o++\"gJN4SNJ=&H85*$7e,URv=#86#G2.", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0239.582] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oy`wQ^OLY+o++\"gJN4SNJ=&H85*$7e,URv=#86#G2.", cchWideChar=42, lpMultiByteStr=0x2525040, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oy`wQ^OLY+o++\"gJN4SNJ=&H85*$7e,URv=#86#G2.ye©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 42 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] GetCurrentThreadId () returned 0x1130 [0239.582] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win32.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.583] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [172].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [172].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.583] GetCurrentThreadId () returned 0x1130 [0239.584] malloc (_Size=0x64) returned 0x1d1338 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] GetCurrentThreadId () returned 0x1130 [0239.584] free (_Block=0x1d1338) [0239.584] malloc (_Size=0x60) returned 0x1d1338 [0239.584] free (_Block=0x1d1338) [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2964 [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2964 [0239.584] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.584] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2964, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2964, lpOverlapped=0x0) returned 1 [0239.593] malloc (_Size=0x8c) returned 0x1d1338 [0239.593] malloc (_Size=0xfc) returned 0x31d70a8 [0239.593] malloc (_Size=0x40) returned 0x1d14e8 [0239.593] GetCurrentThreadId () returned 0x1130 [0239.593] GetCurrentThreadId () returned 0x1130 [0239.593] GetCurrentThreadId () returned 0x1130 [0239.593] GetCurrentThreadId () returned 0x1130 [0239.593] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.594] malloc (_Size=0x40) returned 0x1d7470 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] GetCurrentThreadId () returned 0x1130 [0239.594] malloc (_Size=0xc) returned 0x31e1e20 [0239.594] malloc (_Size=0x720) returned 0x31d2860 [0239.594] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.595] free (_Block=0x31d2860) [0239.595] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.595] free (_Block=0x1d9aa8) [0239.595] malloc (_Size=0x23e4) returned 0x1dbea8 [0239.595] free (_Block=0x1da8f0) [0239.596] malloc (_Size=0x3274) returned 0x3a60048 [0239.596] free (_Block=0x1dbea8) [0239.596] malloc (_Size=0x4820) returned 0x1d9aa8 [0239.596] free (_Block=0x3a60048) [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.596] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] free (_Block=0x31e40b0) [0239.597] free (_Block=0x1d14e8) [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.597] GetCurrentThreadId () returned 0x1130 [0239.598] GetCurrentThreadId () returned 0x1130 [0239.598] GetCurrentThreadId () returned 0x1130 [0239.598] GetCurrentThreadId () returned 0x1130 [0239.598] free (_Block=0x1d9aa8) [0239.598] free (_Block=0x31e1e20) [0239.598] free (_Block=0x1d7470) [0239.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bbc08*, nNumberOfBytesToWrite=0x3836, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bbc08*, lpNumberOfBytesWritten=0x19fbbc*=0x3836, lpOverlapped=0x0) returned 1 [0239.599] free (_Block=0x31d70a8) [0239.599] free (_Block=0x1d1338) [0239.599] CloseHandle (hObject=0x2b4) returned 1 [0239.599] CloseHandle (hObject=0x404) returned 1 [0239.599] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=8) returned 1 [0239.599] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=4) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=8) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=4) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=8) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=4) returned 1 [0239.600] SetLastError (dwErrCode=0x0) [0239.600] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", lpFilePart=0x19f9f8*="MicrosoftOffice2013Office365Win32.xml") returned 0x55 [0239.600] GetLastError () returned 0x0 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=8) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=4) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=8) returned 1 [0239.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml", cchCount2=4) returned 1 [0239.600] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.600] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win32.xml")) returned 0 [0239.600] GetLastError () returned 0x5 [0239.600] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win32.xml")) returned 0x20 [0239.601] SetLastError (dwErrCode=0x5) [0239.601] GetLastError () returned 0x5 [0239.601] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ઠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.601] LocalFree (hMem=0x950aa0) returned 0x0 [0239.601] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.601] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.601] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win64.xml")) returned 0x20 [0239.602] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33450838219) returned 1 [0239.602] GetCurrentThreadId () returned 0x1130 [0239.602] GetCurrentThreadId () returned 0x1130 [0239.602] GetCurrentThreadId () returned 0x1130 [0239.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Go/NIl,6X!,4c<+-!U7Uw@NZYh", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0239.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Go/NIl,6X!,4c<+-!U7Uw@NZYh", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0239.602] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Go/NIl,6X!,4c<+-!U7Uw@NZYh", cchWideChar=26, lpMultiByteStr=0x2508f38, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Go/NIl,6X!,4c<+-!U7Uw@NZYh", lpUsedDefaultChar=0x0) returned 26 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.603] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [173].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [173].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.603] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] malloc (_Size=0x64) returned 0x1d1338 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] GetCurrentThreadId () returned 0x1130 [0239.604] free (_Block=0x1d1338) [0239.604] malloc (_Size=0x60) returned 0x1d1338 [0239.604] free (_Block=0x1d1338) [0239.604] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.604] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2964 [0239.604] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.605] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.605] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2964 [0239.605] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.605] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2964, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2964, lpOverlapped=0x0) returned 1 [0239.608] malloc (_Size=0x8c) returned 0x1d1338 [0239.608] malloc (_Size=0xfc) returned 0x31d71b0 [0239.608] malloc (_Size=0x40) returned 0x1d14e8 [0239.608] GetCurrentThreadId () returned 0x1130 [0239.608] GetCurrentThreadId () returned 0x1130 [0239.608] GetCurrentThreadId () returned 0x1130 [0239.608] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.609] malloc (_Size=0x40) returned 0x1d7470 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] GetCurrentThreadId () returned 0x1130 [0239.609] malloc (_Size=0xc) returned 0x31e1ec8 [0239.610] malloc (_Size=0x720) returned 0x31d2860 [0239.610] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.610] free (_Block=0x31d2860) [0239.610] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.610] free (_Block=0x1d9aa8) [0239.611] malloc (_Size=0x23e4) returned 0x1dbea8 [0239.611] free (_Block=0x1da8f0) [0239.611] malloc (_Size=0x3274) returned 0x3a60048 [0239.611] free (_Block=0x1dbea8) [0239.611] malloc (_Size=0x4820) returned 0x1d9aa8 [0239.611] free (_Block=0x3a60048) [0239.611] GetCurrentThreadId () returned 0x1130 [0239.611] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] free (_Block=0x31e40b0) [0239.612] free (_Block=0x1d14e8) [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.612] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] GetCurrentThreadId () returned 0x1130 [0239.613] free (_Block=0x1d9aa8) [0239.613] free (_Block=0x31e1ec8) [0239.613] free (_Block=0x1d7470) [0239.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bbc08*, nNumberOfBytesToWrite=0x3836, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bbc08*, lpNumberOfBytesWritten=0x19fbbc*=0x3836, lpOverlapped=0x0) returned 1 [0239.615] free (_Block=0x31d71b0) [0239.615] free (_Block=0x1d1338) [0239.615] CloseHandle (hObject=0x2b4) returned 1 [0239.615] CloseHandle (hObject=0x404) returned 1 [0239.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=8) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=4) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=8) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=4) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=8) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=4) returned 1 [0239.616] SetLastError (dwErrCode=0x0) [0239.616] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", lpFilePart=0x19f9f8*="MicrosoftOffice2013Office365Win64.xml") returned 0x55 [0239.616] GetLastError () returned 0x0 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=8) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=4) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=8) returned 1 [0239.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml", cchCount2=4) returned 1 [0239.616] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.616] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win64.xml")) returned 0 [0239.616] GetLastError () returned 0x5 [0239.616] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Office365Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013office365win64.xml")) returned 0x20 [0239.617] SetLastError (dwErrCode=0x5) [0239.617] GetLastError () returned 0x5 [0239.617] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.617] LocalFree (hMem=0x950c50) returned 0x0 [0239.617] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.617] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.617] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOffice2013Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoffice2013win32.xml")) returned 0x20 [0239.618] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33452385495) returned 1 [0239.618] GetCurrentThreadId () returned 0x1130 [0239.618] GetCurrentThreadId () returned 0x1130 [0239.618] GetCurrentThreadId () returned 0x1130 [0239.618] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f3D=1HT8jM9y:WETI))sKl2LX-qbvtCc#-ov1~bW{r/(*№q=%U^m4Hh76.", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0239.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\",2LX-qbvtCc#-ov1~bW{r/(*№q=%U^m4Hh76.", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0239.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\",2LX-qbvtCc#-ov1~bW{r/(*№q=%U^m4Hh76.", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\",2LX-qbvtCc#-ov1~bW{r/(*â\x84\x96q=%U^m4Hh76.", lpUsedDefaultChar=0x0) returned 51 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.843] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2013cawin64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.843] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [181].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [181].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.843] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] malloc (_Size=0x64) returned 0x1d1338 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] GetCurrentThreadId () returned 0x1130 [0239.844] free (_Block=0x1d1338) [0239.844] malloc (_Size=0x60) returned 0x1d1338 [0239.844] free (_Block=0x1d1338) [0239.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x506 [0239.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.845] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x506 [0239.845] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.845] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x506, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x506, lpOverlapped=0x0) returned 1 [0239.846] malloc (_Size=0x8c) returned 0x1d1338 [0239.846] malloc (_Size=0xfc) returned 0x31d7af8 [0239.847] malloc (_Size=0x40) returned 0x1d14e8 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.847] malloc (_Size=0x40) returned 0x1d7470 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] GetCurrentThreadId () returned 0x1130 [0239.847] malloc (_Size=0xc) returned 0x31e1d18 [0239.848] malloc (_Size=0x720) returned 0x31d2860 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] free (_Block=0x31e40b0) [0239.848] free (_Block=0x1d14e8) [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.848] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] GetCurrentThreadId () returned 0x1130 [0239.849] free (_Block=0x31d2860) [0239.849] free (_Block=0x31e1d18) [0239.849] free (_Block=0x1d7470) [0239.849] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x6f4, lpOverlapped=0x0) returned 1 [0239.850] free (_Block=0x31d7af8) [0239.850] free (_Block=0x1d1338) [0239.850] CloseHandle (hObject=0x2b4) returned 1 [0239.850] CloseHandle (hObject=0x404) returned 1 [0239.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=8) returned 1 [0239.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=4) returned 1 [0239.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=8) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=4) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=8) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=4) returned 1 [0239.851] SetLastError (dwErrCode=0x0) [0239.851] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", lpFilePart=0x19f9f8*="MicrosoftOutlook2013CAWin64.xml") returned 0x4f [0239.851] GetLastError () returned 0x0 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=8) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=4) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=8) returned 1 [0239.851] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml", cchCount2=4) returned 1 [0239.851] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.851] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2013cawin64.xml")) returned 0 [0239.851] GetLastError () returned 0x5 [0239.851] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2013CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2013cawin64.xml")) returned 0x20 [0239.851] SetLastError (dwErrCode=0x5) [0239.851] GetLastError () returned 0x5 [0239.851] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.851] LocalFree (hMem=0x950a10) returned 0x0 [0239.851] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.852] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.852] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin32.xml")) returned 0x20 [0239.853] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33475871872) returned 1 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#mjIPyKb`u6d\\iYE8_V);5:GIGsd(-p", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0239.853] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#mjIPyKb`u6d\\iYE8_V);5:GIGsd(-p", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0239.853] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#mjIPyKb`u6d\\iYE8_V);5:GIGsd(-p", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="#mjIPyKb`u6d\\iYE8_V);5:GIGsd(-pàqJOS\x11øP\x02", lpUsedDefaultChar=0x0) returned 31 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] GetCurrentThreadId () returned 0x1130 [0239.853] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin32.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.853] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [182].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [182].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] malloc (_Size=0x64) returned 0x1d1338 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] GetCurrentThreadId () returned 0x1130 [0239.854] free (_Block=0x1d1338) [0239.854] malloc (_Size=0x60) returned 0x1d1338 [0239.854] free (_Block=0x1d1338) [0239.854] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.855] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x509 [0239.855] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.855] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.855] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x509 [0239.855] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.855] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x509, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x509, lpOverlapped=0x0) returned 1 [0239.867] malloc (_Size=0x8c) returned 0x1d1338 [0239.867] malloc (_Size=0xfc) returned 0x31d7d08 [0239.868] malloc (_Size=0x40) returned 0x1d14e8 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.868] malloc (_Size=0x40) returned 0x1d7470 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.868] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] malloc (_Size=0xc) returned 0x31e1d18 [0239.869] malloc (_Size=0x720) returned 0x31d2860 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] GetCurrentThreadId () returned 0x1130 [0239.869] free (_Block=0x31e40b0) [0239.870] free (_Block=0x1d14e8) [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] GetCurrentThreadId () returned 0x1130 [0239.870] free (_Block=0x31d2860) [0239.870] free (_Block=0x31e1d18) [0239.870] free (_Block=0x1d7470) [0239.870] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x6f4, lpOverlapped=0x0) returned 1 [0239.872] free (_Block=0x31d7d08) [0239.872] free (_Block=0x1d1338) [0239.872] CloseHandle (hObject=0x2b4) returned 1 [0239.873] CloseHandle (hObject=0x404) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=8) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=4) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=8) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=4) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=8) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=4) returned 1 [0239.873] SetLastError (dwErrCode=0x0) [0239.873] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", lpFilePart=0x19f9f8*="MicrosoftOutlook2016CAWin32.xml") returned 0x4f [0239.873] GetLastError () returned 0x0 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=8) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=4) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=8) returned 1 [0239.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml", cchCount2=4) returned 1 [0239.873] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.874] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin32.xml")) returned 0 [0239.874] GetLastError () returned 0x5 [0239.874] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin32.xml")) returned 0x20 [0239.874] SetLastError (dwErrCode=0x5) [0239.874] GetLastError () returned 0x5 [0239.874] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.874] LocalFree (hMem=0x9509e0) returned 0x0 [0239.874] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.875] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.875] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin64.xml")) returned 0x20 [0239.875] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33478127904) returned 1 [0239.875] GetCurrentThreadId () returned 0x1130 [0239.875] GetCurrentThreadId () returned 0x1130 [0239.875] GetCurrentThreadId () returned 0x1130 [0239.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q5UW5xb+2c;B=!}LH(jlp{Q@$p&,2z^ZYXzpVbD_*Se", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q5UW5xb+2c;B=!}LH(jlp{Q@$p&,2z^ZYXzpVbD_*Se", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.875] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q5UW5xb+2c;B=!}LH(jlp{Q@$p&,2z^ZYXzpVbD_*Se", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Q5UW5xb+2c;B=!}LH(jlp{Q@$p&,2z^ZYXzpVbD_*See©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 43 [0239.875] GetCurrentThreadId () returned 0x1130 [0239.875] GetCurrentThreadId () returned 0x1130 [0239.876] GetCurrentThreadId () returned 0x1130 [0239.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [183].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [183].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.877] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] malloc (_Size=0x64) returned 0x1d1338 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] GetCurrentThreadId () returned 0x1130 [0239.878] free (_Block=0x1d1338) [0239.878] malloc (_Size=0x60) returned 0x1d1338 [0239.878] free (_Block=0x1d1338) [0239.878] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.878] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x509 [0239.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x509 [0239.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.879] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x509, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x509, lpOverlapped=0x0) returned 1 [0239.881] malloc (_Size=0x8c) returned 0x1d1338 [0239.881] malloc (_Size=0xfc) returned 0x31d7c00 [0239.881] malloc (_Size=0x40) returned 0x1d14e8 [0239.881] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.882] malloc (_Size=0x40) returned 0x1d7470 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.882] GetCurrentThreadId () returned 0x1130 [0239.883] malloc (_Size=0xc) returned 0x31e1d18 [0239.883] malloc (_Size=0x720) returned 0x31d2860 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] free (_Block=0x31e40b0) [0239.883] free (_Block=0x1d14e8) [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.883] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] GetCurrentThreadId () returned 0x1130 [0239.884] free (_Block=0x31d2860) [0239.884] free (_Block=0x31e1d18) [0239.884] free (_Block=0x1d7470) [0239.884] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x6f4, lpOverlapped=0x0) returned 1 [0239.885] free (_Block=0x31d7c00) [0239.885] free (_Block=0x1d1338) [0239.885] CloseHandle (hObject=0x2b4) returned 1 [0239.886] CloseHandle (hObject=0x404) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=8) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=4) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=8) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=4) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=8) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=4) returned 1 [0239.886] SetLastError (dwErrCode=0x0) [0239.886] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", lpFilePart=0x19f9f8*="MicrosoftOutlook2016CAWin64.xml") returned 0x4f [0239.886] GetLastError () returned 0x0 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=8) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=4) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=8) returned 1 [0239.886] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml", cchCount2=4) returned 1 [0239.886] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.886] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin64.xml")) returned 0 [0239.887] GetLastError () returned 0x5 [0239.887] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftOutlook2016CAWin64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftoutlook2016cawin64.xml")) returned 0x20 [0239.887] SetLastError (dwErrCode=0x5) [0239.887] GetLastError () returned 0x5 [0239.887] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.887] LocalFree (hMem=0x950c50) returned 0x0 [0239.887] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.887] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.888] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win32.xml")) returned 0x20 [0239.888] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33479408018) returned 1 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y|`_85K/№4?C?6Uc1yQb№U;#1%.hOYC-181v+EA", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y|`_85K/№4?C?6Uc1yQb№U;#1%.hOYC-181v+EA", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.888] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y|`_85K/№4?C?6Uc1yQb№U;#1%.hOYC-181v+EA", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Y|`_85K/â\x84\x964?C?6Uc1yQbâ\x84\x96U;#1%.hOYC-181v+EA)qPR\x02\x01", lpUsedDefaultChar=0x0) returned 43 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] GetCurrentThreadId () returned 0x1130 [0239.888] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win32.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.888] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [184].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [184].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.910] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] malloc (_Size=0x64) returned 0x1d1338 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] GetCurrentThreadId () returned 0x1130 [0239.911] free (_Block=0x1d1338) [0239.911] malloc (_Size=0x60) returned 0x1d1338 [0239.911] free (_Block=0x1d1338) [0239.911] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.911] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb4b [0239.911] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.911] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.911] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb4b [0239.912] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.912] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xb4b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xb4b, lpOverlapped=0x0) returned 1 [0239.913] malloc (_Size=0x8c) returned 0x1d1338 [0239.913] malloc (_Size=0xfc) returned 0x31d73c0 [0239.913] malloc (_Size=0x40) returned 0x1d14e8 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.913] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.914] malloc (_Size=0x40) returned 0x1d7470 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] GetCurrentThreadId () returned 0x1130 [0239.914] malloc (_Size=0xc) returned 0x31e1ca0 [0239.914] malloc (_Size=0x720) returned 0x31d2860 [0239.914] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.915] free (_Block=0x31d2860) [0239.915] malloc (_Size=0x1454) returned 0x1da8f0 [0239.915] free (_Block=0x1d9aa8) [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] free (_Block=0x31e40b0) [0239.915] free (_Block=0x1d14e8) [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.915] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] GetCurrentThreadId () returned 0x1130 [0239.916] free (_Block=0x1da8f0) [0239.916] free (_Block=0x31e1ca0) [0239.916] free (_Block=0x1d7470) [0239.916] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b73d8*, nNumberOfBytesToWrite=0xf69, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b73d8*, lpNumberOfBytesWritten=0x19fbbc*=0xf69, lpOverlapped=0x0) returned 1 [0239.917] free (_Block=0x31d73c0) [0239.917] free (_Block=0x1d1338) [0239.917] CloseHandle (hObject=0x2b4) returned 1 [0239.918] CloseHandle (hObject=0x404) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=8) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=4) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=8) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=4) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=8) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=4) returned 1 [0239.918] SetLastError (dwErrCode=0x0) [0239.918] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", lpFilePart=0x19f9f8*="MicrosoftSkypeForBusiness2016Win32.xml") returned 0x56 [0239.918] GetLastError () returned 0x0 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=8) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=4) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=8) returned 1 [0239.918] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml", cchCount2=4) returned 1 [0239.918] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.919] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win32.xml")) returned 0 [0239.919] GetLastError () returned 0x5 [0239.919] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win32.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win32.xml")) returned 0x20 [0239.919] SetLastError (dwErrCode=0x5) [0239.919] GetLastError () returned 0x5 [0239.919] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.919] LocalFree (hMem=0x9509e0) returned 0x0 [0239.919] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.919] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.920] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win64.xml")) returned 0x20 [0239.923] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33482949497) returned 1 [0239.923] GetCurrentThreadId () returned 0x1130 [0239.923] GetCurrentThreadId () returned 0x1130 [0239.923] GetCurrentThreadId () returned 0x1130 [0239.923] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="93<@O}#EJI9fx`*HsGszU-;q.x:{-lO1|R~3,>)ynB}", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="93<@O}#EJI9fx`*HsGszU-;q.x:{-lO1|R~3,>)ynB}", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0239.924] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="93<@O}#EJI9fx`*HsGszU-;q.x:{-lO1|R~3,>)ynB}", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="93<@O}#EJI9fx`*HsGszU-;q.x:{-lO1|R~3,>)ynB}e©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 43 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win64.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.924] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [185].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [185].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.924] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] malloc (_Size=0x64) returned 0x1d1338 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] GetCurrentThreadId () returned 0x1130 [0239.925] free (_Block=0x1d1338) [0239.925] malloc (_Size=0x60) returned 0x1d1338 [0239.925] free (_Block=0x1d1338) [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb4b [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb4b [0239.925] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.926] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xb4b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xb4b, lpOverlapped=0x0) returned 1 [0239.927] malloc (_Size=0x8c) returned 0x1d1338 [0239.927] malloc (_Size=0xfc) returned 0x31d71b0 [0239.927] malloc (_Size=0x40) returned 0x1d14e8 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.927] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.928] malloc (_Size=0x40) returned 0x1d7470 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] GetCurrentThreadId () returned 0x1130 [0239.928] malloc (_Size=0xc) returned 0x31e1dc0 [0239.928] malloc (_Size=0x720) returned 0x31d2860 [0239.928] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.928] free (_Block=0x31d2860) [0239.928] malloc (_Size=0x1454) returned 0x1da8f0 [0239.929] free (_Block=0x1d9aa8) [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] free (_Block=0x31e40b0) [0239.929] free (_Block=0x1d14e8) [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.929] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] GetCurrentThreadId () returned 0x1130 [0239.930] free (_Block=0x1da8f0) [0239.930] free (_Block=0x31e1dc0) [0239.930] free (_Block=0x1d7470) [0239.930] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b73d8*, nNumberOfBytesToWrite=0xf69, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b73d8*, lpNumberOfBytesWritten=0x19fbbc*=0xf69, lpOverlapped=0x0) returned 1 [0239.931] free (_Block=0x31d71b0) [0239.931] free (_Block=0x1d1338) [0239.931] CloseHandle (hObject=0x2b4) returned 1 [0239.931] CloseHandle (hObject=0x404) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=8) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=4) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=8) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=4) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=8) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=4) returned 1 [0239.932] SetLastError (dwErrCode=0x0) [0239.932] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", lpFilePart=0x19f9f8*="MicrosoftSkypeForBusiness2016Win64.xml") returned 0x56 [0239.932] GetLastError () returned 0x0 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=8) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=4) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=8) returned 1 [0239.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml", cchCount2=4) returned 1 [0239.932] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.932] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win64.xml")) returned 0 [0239.932] GetLastError () returned 0x5 [0239.932] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftSkypeForBusiness2016Win64.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftskypeforbusiness2016win64.xml")) returned 0x20 [0239.933] SetLastError (dwErrCode=0x5) [0239.933] GetLastError () returned 0x5 [0239.933] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ૐ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.933] LocalFree (hMem=0x950ad0) returned 0x0 [0239.933] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.933] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.933] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftwordpad.xml")) returned 0x20 [0239.933] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33483962471) returned 1 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`U$tB`w;c/`6q:w#kJ_^~\\zWeK", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`U$tB`w;c/`6q:w#kJ_^~\\zWeK", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0239.934] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`U$tB`w;c/`6q:w#kJ_^~\\zWeK", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="`U$tB`w;c/`6q:w#kJ_^~\\zWeK", lpUsedDefaultChar=0x0) returned 30 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftwordpad.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.934] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [186].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [186].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.934] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] malloc (_Size=0x64) returned 0x1d1338 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] GetCurrentThreadId () returned 0x1130 [0239.935] free (_Block=0x1d1338) [0239.935] malloc (_Size=0x60) returned 0x1d1338 [0239.935] free (_Block=0x1d1338) [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3ed [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3ed [0239.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.936] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x3ed, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x3ed, lpOverlapped=0x0) returned 1 [0239.939] malloc (_Size=0x8c) returned 0x1d1338 [0239.939] malloc (_Size=0xfc) returned 0x31d73c0 [0239.939] malloc (_Size=0x40) returned 0x1d14e8 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] GetCurrentThreadId () returned 0x1130 [0239.939] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.940] malloc (_Size=0x40) returned 0x1d7470 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] malloc (_Size=0xc) returned 0x31e1ca0 [0239.940] malloc (_Size=0x720) returned 0x31d2860 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.940] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] free (_Block=0x31e40b0) [0239.941] free (_Block=0x1d14e8) [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] GetCurrentThreadId () returned 0x1130 [0239.941] free (_Block=0x31d2860) [0239.941] free (_Block=0x31e1ca0) [0239.941] free (_Block=0x1d7470) [0239.941] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c2df8*, nNumberOfBytesToWrite=0x56e, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c2df8*, lpNumberOfBytesWritten=0x19fbbc*=0x56e, lpOverlapped=0x0) returned 1 [0239.942] free (_Block=0x31d73c0) [0239.943] free (_Block=0x1d1338) [0239.943] CloseHandle (hObject=0x2b4) returned 1 [0239.943] CloseHandle (hObject=0x404) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=8) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=4) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=8) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=4) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=8) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=4) returned 1 [0239.943] SetLastError (dwErrCode=0x0) [0239.943] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", lpFilePart=0x19f9f8*="MicrosoftWordpad.xml") returned 0x44 [0239.943] GetLastError () returned 0x0 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=8) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=4) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=8) returned 1 [0239.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml", cchCount2=4) returned 1 [0239.944] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.944] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftwordpad.xml")) returned 0 [0239.944] GetLastError () returned 0x5 [0239.944] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\MicrosoftWordpad.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\microsoftwordpad.xml")) returned 0x20 [0239.944] SetLastError (dwErrCode=0x5) [0239.944] GetLastError () returned 0x5 [0239.944] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.944] LocalFree (hMem=0x950b90) returned 0x0 [0239.944] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.945] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.945] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\NetworkPrinters.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\networkprinters.xml")) returned 0x20 [0239.948] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33485435995) returned 1 [0239.948] GetCurrentThreadId () returned 0x1130 [0239.948] GetCurrentThreadId () returned 0x1130 [0239.948] GetCurrentThreadId () returned 0x1130 [0239.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pCxHWf5№//I:>^l", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0239.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wr+VbC|`QbD=Ut!mj,u\"$c(l%>//I:>^l", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0239.968] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wr+VbC|`QbD=Ut!mj,u\"$c(l%>//I:>^l", cchWideChar=37, lpMultiByteStr=0x2525040, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wr+VbC|`QbD=Ut!mj,u\"$c(l%>//I:>^l", lpUsedDefaultChar=0x0) returned 37 [0239.968] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\roamingcredentialsettings.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.969] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [188].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [188].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.969] GetCurrentThreadId () returned 0x1130 [0239.970] GetCurrentThreadId () returned 0x1130 [0239.970] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] malloc (_Size=0x64) returned 0x1d1338 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] GetCurrentThreadId () returned 0x1130 [0239.971] free (_Block=0x1d1338) [0239.971] malloc (_Size=0x60) returned 0x1d1338 [0239.971] free (_Block=0x1d1338) [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd59 [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd59 [0239.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.971] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xd59, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xd59, lpOverlapped=0x0) returned 1 [0239.972] malloc (_Size=0x8c) returned 0x1d1338 [0239.972] malloc (_Size=0xfc) returned 0x31d75d0 [0239.972] malloc (_Size=0x40) returned 0x1d14e8 [0239.972] GetCurrentThreadId () returned 0x1130 [0239.972] GetCurrentThreadId () returned 0x1130 [0239.972] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.973] malloc (_Size=0x40) returned 0x1d7470 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] GetCurrentThreadId () returned 0x1130 [0239.973] malloc (_Size=0xc) returned 0x31e1ca0 [0239.973] malloc (_Size=0x720) returned 0x31d2860 [0239.973] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.974] free (_Block=0x31d2860) [0239.974] malloc (_Size=0x15ac) returned 0x1da8f0 [0239.974] free (_Block=0x1d9aa8) [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] GetCurrentThreadId () returned 0x1130 [0239.974] free (_Block=0x31e40b0) [0239.974] free (_Block=0x1d14e8) [0239.974] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] GetCurrentThreadId () returned 0x1130 [0239.975] free (_Block=0x1da8f0) [0239.975] free (_Block=0x31e1ca0) [0239.975] free (_Block=0x1d7470) [0239.975] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b75d8*, nNumberOfBytesToWrite=0x1234, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b75d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1234, lpOverlapped=0x0) returned 1 [0239.976] free (_Block=0x31d75d0) [0239.976] free (_Block=0x1d1338) [0239.976] CloseHandle (hObject=0x2b4) returned 1 [0239.977] CloseHandle (hObject=0x404) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=8) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=4) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=8) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=4) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=8) returned 1 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=4) returned 1 [0239.977] SetLastError (dwErrCode=0x0) [0239.977] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", lpFilePart=0x19f9f8*="RoamingCredentialSettings.xml") returned 0x4d [0239.977] GetLastError () returned 0x0 [0239.977] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=8) returned 1 [0239.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=4) returned 1 [0239.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=8) returned 1 [0239.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml", cchCount2=4) returned 1 [0239.978] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.978] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\roamingcredentialsettings.xml")) returned 0 [0239.978] GetLastError () returned 0x5 [0239.978] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\RoamingCredentialSettings.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\roamingcredentialsettings.xml")) returned 0x20 [0239.978] SetLastError (dwErrCode=0x5) [0239.978] GetLastError () returned 0x5 [0239.978] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.978] LocalFree (hMem=0x950b30) returned 0x0 [0239.978] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.979] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.979] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\themesettings2013.xml")) returned 0x20 [0239.980] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33488621362) returned 1 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cs%o{}~№%51Ca4{/B&%!/T|htTz$`4HVjmB_Ev&", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0239.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cs%o{}~№%51Ca4{/B&%!/T|htTz$`4HVjmB_Ev&", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0239.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cs%o{}~№%51Ca4{/B&%!/T|htTz$`4HVjmB_Ev&", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cs%o{}~â\x84\x96%51Ca4{/B&%!/T|htTz$`4HVjmB_Ev&EA)qPR\x02\x01", lpUsedDefaultChar=0x0) returned 41 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] GetCurrentThreadId () returned 0x1130 [0239.980] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\themesettings2013.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.981] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [189].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [189].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.981] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] malloc (_Size=0x64) returned 0x1d1338 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] GetCurrentThreadId () returned 0x1130 [0239.982] free (_Block=0x1d1338) [0239.982] malloc (_Size=0x60) returned 0x1d1338 [0239.982] free (_Block=0x1d1338) [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa2e [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa2e [0239.982] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.983] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa2e, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa2e, lpOverlapped=0x0) returned 1 [0239.984] malloc (_Size=0x8c) returned 0x1d1338 [0239.984] malloc (_Size=0xfc) returned 0x31d72b8 [0239.984] malloc (_Size=0x40) returned 0x1d14e8 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.984] GetCurrentThreadId () returned 0x1130 [0239.985] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.985] malloc (_Size=0x40) returned 0x1d7470 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] GetCurrentThreadId () returned 0x1130 [0239.985] malloc (_Size=0xc) returned 0x31e1ef8 [0239.985] malloc (_Size=0x720) returned 0x31d2860 [0239.985] malloc (_Size=0xe3c) returned 0x1d9aa8 [0239.986] free (_Block=0x31d2860) [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] free (_Block=0x31e40b0) [0239.986] free (_Block=0x1d14e8) [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.986] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] GetCurrentThreadId () returned 0x1130 [0239.987] free (_Block=0x1d9aa8) [0239.987] free (_Block=0x31e1ef8) [0239.987] free (_Block=0x1d7470) [0239.987] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xde3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xde3, lpOverlapped=0x0) returned 1 [0239.988] free (_Block=0x31d72b8) [0239.988] free (_Block=0x1d1338) [0239.988] CloseHandle (hObject=0x2b4) returned 1 [0239.989] CloseHandle (hObject=0x404) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=8) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=4) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=8) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=4) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=8) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=4) returned 1 [0239.989] SetLastError (dwErrCode=0x0) [0239.989] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", lpFilePart=0x19f9f8*="ThemeSettings2013.xml") returned 0x45 [0239.989] GetLastError () returned 0x0 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=8) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=4) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=8) returned 1 [0239.989] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml", cchCount2=4) returned 1 [0239.989] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0239.989] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\themesettings2013.xml")) returned 0 [0239.990] GetLastError () returned 0x5 [0239.990] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\ThemeSettings2013.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\themesettings2013.xml")) returned 0x20 [0239.990] SetLastError (dwErrCode=0x5) [0239.990] GetLastError () returned 0x5 [0239.990] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0239.990] LocalFree (hMem=0x9508c0) returned 0x0 [0239.990] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0239.990] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0239.990] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\vdistate.xml")) returned 0x20 [0239.991] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33489727355) returned 1 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q:DNj\\dO#pe=fDuvS&GBXj.tTJE!W+eefR4WM^A$s", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0239.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q:DNj\\dO#pe=fDuvS&GBXj.tTJE!W+eefR4WM^A$s", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0239.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Q:DNj\\dO#pe=fDuvS&GBXj.tTJE!W+eefR4WM^A$s", cchWideChar=41, lpMultiByteStr=0x2525040, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Q:DNj\\dO#pe=fDuvS&GBXj.tTJE!W+eefR4WM^A$sB}e©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 41 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] GetCurrentThreadId () returned 0x1130 [0239.991] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\vdistate.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0239.992] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [190].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\Файл зашифрован. Пиши. Почта clubnika@elude.in [190].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.992] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] malloc (_Size=0x64) returned 0x1d1338 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] GetCurrentThreadId () returned 0x1130 [0239.993] free (_Block=0x1d1338) [0239.993] malloc (_Size=0x60) returned 0x1d1338 [0239.993] free (_Block=0x1d1338) [0239.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x37c [0239.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x37c [0239.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0239.994] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x37c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x37c, lpOverlapped=0x0) returned 1 [0239.996] malloc (_Size=0x8c) returned 0x1d1338 [0239.996] malloc (_Size=0xfc) returned 0x31d73c0 [0239.996] malloc (_Size=0x40) returned 0x1d14e8 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] malloc (_Size=0xa5c) returned 0x31e40b0 [0239.996] malloc (_Size=0x40) returned 0x1d7470 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] GetCurrentThreadId () returned 0x1130 [0239.996] malloc (_Size=0xc) returned 0x31e1ca0 [0239.996] malloc (_Size=0x670) returned 0x31d2860 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] free (_Block=0x31e40b0) [0239.997] free (_Block=0x1d14e8) [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.997] GetCurrentThreadId () returned 0x1130 [0239.998] GetCurrentThreadId () returned 0x1130 [0239.998] GetCurrentThreadId () returned 0x1130 [0239.998] GetCurrentThreadId () returned 0x1130 [0239.998] GetCurrentThreadId () returned 0x1130 [0239.998] free (_Block=0x31d2860) [0239.998] free (_Block=0x31e1ca0) [0239.998] free (_Block=0x1d7470) [0239.998] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c1bf8*, nNumberOfBytesToWrite=0x4d3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c1bf8*, lpNumberOfBytesWritten=0x19fbbc*=0x4d3, lpOverlapped=0x0) returned 1 [0239.999] free (_Block=0x31d73c0) [0239.999] free (_Block=0x1d1338) [0239.999] CloseHandle (hObject=0x2b4) returned 1 [0239.999] CloseHandle (hObject=0x404) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=8) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=4) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=8) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=4) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=8) returned 1 [0239.999] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=4) returned 1 [0240.000] SetLastError (dwErrCode=0x0) [0240.000] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", lpFilePart=0x19f9f8*="VdiState.xml") returned 0x3c [0240.000] GetLastError () returned 0x0 [0240.000] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=8) returned 1 [0240.000] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=4) returned 1 [0240.000] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=8) returned 1 [0240.000] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml", cchCount2=4) returned 1 [0240.000] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates")) returned 0x10 [0240.000] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\vdistate.xml")) returned 0 [0240.000] GetLastError () returned 0x5 [0240.000] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\UEV\\InboxTemplates\\VdiState.xml" (normalized: "c:\\users\\all users\\microsoft\\uev\\inboxtemplates\\vdistate.xml")) returned 0x20 [0240.001] SetLastError (dwErrCode=0x5) [0240.001] GetLastError () returned 0x5 [0240.001] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fc54, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﱴ\x19充Oﲀ\x19兯Oﱴ\x19") returned 0x13 [0240.001] LocalFree (hMem=0x9509e0) returned 0x0 [0240.001] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc44) [0240.001] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f060, ReturnValue=0x0) [0240.002] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default user.dat")) returned 0x20 [0240.002] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33490865161) returned 1 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PaI^/:xio>e|{#LE?gm9R*M8:s", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0240.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PaI^/:xio>e|{#LE?gm9R*M8:s", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0240.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PaI^/:xio>e|{#LE?gm9R*M8:s", cchWideChar=26, lpMultiByteStr=0x2508f38, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PaI^/:xio>e|{#LE?gm9R*M8:s", lpUsedDefaultChar=0x0) returned 26 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] GetCurrentThreadId () returned 0x1130 [0240.003] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default user.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.003] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] malloc (_Size=0x64) returned 0x1d1338 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.023] GetCurrentThreadId () returned 0x1130 [0240.024] GetCurrentThreadId () returned 0x1130 [0240.024] GetCurrentThreadId () returned 0x1130 [0240.024] GetCurrentThreadId () returned 0x1130 [0240.024] free (_Block=0x1d1338) [0240.024] malloc (_Size=0x60) returned 0x1d1338 [0240.024] free (_Block=0x1d1338) [0240.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x930d0 [0240.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.024] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe10000 [0240.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x930d0 [0240.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.034] ReadFile (in: hFile=0x404, lpBuffer=0x7fe10018, nNumberOfBytesToRead=0x930d0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe10018*, lpNumberOfBytesRead=0x19fbc8*=0x930d0, lpOverlapped=0x0) returned 1 [0240.042] malloc (_Size=0x8c) returned 0x1d1338 [0240.042] malloc (_Size=0xfc) returned 0x31d7e10 [0240.042] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0240.054] malloc (_Size=0x40) returned 0x1d14e8 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.054] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.055] malloc (_Size=0x40) returned 0x1d7470 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] GetCurrentThreadId () returned 0x1130 [0240.055] malloc (_Size=0xc) returned 0x31e1ca0 [0240.055] malloc (_Size=0x720) returned 0x31d2860 [0240.055] malloc (_Size=0xe3c) returned 0x1d9aa8 [0240.055] free (_Block=0x31d2860) [0240.055] malloc (_Size=0x15ac) returned 0x1da8f0 [0240.055] free (_Block=0x1d9aa8) [0240.055] malloc (_Size=0x23e4) returned 0x1dbea8 [0240.056] free (_Block=0x1da8f0) [0240.056] malloc (_Size=0x3274) returned 0x3a60048 [0240.056] free (_Block=0x1dbea8) [0240.056] malloc (_Size=0x4820) returned 0x1d9aa8 [0240.056] free (_Block=0x3a60048) [0240.057] malloc (_Size=0x64e4) returned 0x3a60048 [0240.057] free (_Block=0x1d9aa8) [0240.057] malloc (_Size=0x8920) returned 0x3a66538 [0240.057] free (_Block=0x3a60048) [0240.057] malloc (_Size=0xbb90) returned 0x3a6ee60 [0240.058] free (_Block=0x3a66538) [0240.059] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0240.059] free (_Block=0x3a6ee60) [0240.060] malloc (_Size=0x1533c) returned 0x3a60048 [0240.060] free (_Block=0x3a7a9f8) [0240.060] malloc (_Size=0x1c704) returned 0x3a75390 [0240.060] free (_Block=0x3a60048) [0240.061] malloc (_Size=0x265c8) returned 0x3a91aa0 [0240.062] free (_Block=0x3a75390) [0240.063] malloc (_Size=0x33758) returned 0x31e4b18 [0240.104] free (_Block=0x3a91aa0) [0240.105] malloc (_Size=0x45104) returned 0x3a60048 [0240.105] free (_Block=0x31e4b18) [0240.105] malloc (_Size=0x5c874) returned 0x31e4b18 [0240.108] free (_Block=0x3a60048) [0240.110] malloc (_Size=0x7bac8) returned 0x3a60048 [0240.114] free (_Block=0x31e4b18) [0240.120] malloc (_Size=0xa5358) returned 0xa05020 [0240.128] free (_Block=0x3a60048) [0240.130] malloc (_Size=0xdcbac) returned 0x2d11020 [0240.152] free (_Block=0xa05020) [0240.158] VirtualAlloc (lpAddress=0x0, dwSize=0xd0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fca0000 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] free (_Block=0x31e40b0) [0240.169] free (_Block=0x1d14e8) [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.169] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.170] GetCurrentThreadId () returned 0x1130 [0240.172] free (_Block=0x2d11020) [0240.179] free (_Block=0x31e1ca0) [0240.179] free (_Block=0x1d7470) [0240.179] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fca0018*, nNumberOfBytesToWrite=0xc7245, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fca0018*, lpNumberOfBytesWritten=0x19fbbc*=0xc7245, lpOverlapped=0x0) returned 1 [0240.205] free (_Block=0x31d7e10) [0240.205] free (_Block=0x1d1338) [0240.205] VirtualFree (lpAddress=0x7fca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.211] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.215] VirtualFree (lpAddress=0x7fe10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.215] CloseHandle (hObject=0x2b4) returned 1 [0240.216] CloseHandle (hObject=0x404) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.216] SetLastError (dwErrCode=0x0) [0240.216] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", lpFilePart=0x19f9f8*="Default User.dat") returned 0x43 [0240.217] GetLastError () returned 0x0 [0240.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.217] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.217] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default user.dat")) returned 1 [0240.231] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0xc2)) [0240.232] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.232] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.232] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.232] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.232] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.232] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.232] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.232] CloseHandle (hObject=0x404) returned 1 [0240.233] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Default User.dat]omgp:[PaI^/:xio>e|{#LE?gm9R*M8:s]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0240.233] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Default User.dat]omgp:[PaI^/:xio>e|{#LE?gm9R*M8:s]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0240.233] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Default User.dat]omgp:[PaI^/:xio>e|{#LE?gm9R*M8:s]", cchWideChar=56, lpMultiByteStr=0x2516b18, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Default User.dat]omgp:[PaI^/:xio>e|{#LE?gm9R*M8:s]", lpUsedDefaultChar=0x0) returned 56 [0240.245] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.245] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA=") returned 172 [0240.245] GetCurrentThreadId () returned 0x1130 [0240.245] GetCurrentThreadId () returned 0x1130 [0240.245] GetCurrentThreadId () returned 0x1130 [0240.245] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.246] SetLastError (dwErrCode=0x0) [0240.246] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320") returned 0x7e [0240.246] GetLastError () returned 0x0 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.246] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.246] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].wannacash ncov v310320")) returned 0x20 [0240.246] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [191].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.246] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.246] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.247] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc7245 [0240.247] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.247] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.247] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.247] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3") returned 197 [0240.247] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.247] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3") returned 197 [0240.247] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc7245 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.247] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nRrtDCYBA5aDTgzT2CKySXUpbq/V4n8LMTEksSRYgzUbJC7VwiwRqmWoqdLixBwHTuFzw9sEjg1suEiYGH3kN8TEDWJbbRLeByps4pmaVRdt8nPhJzz837rRGqejFHxwAq1tkfa2kpizqrtXlcEIcUz2yPiix420T4iZwAL+QSA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.247] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.248] CloseHandle (hObject=0x404) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.248] SetLastError (dwErrCode=0x0) [0240.248] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", lpFilePart=0x19fa34*="Default User.dat") returned 0x43 [0240.248] GetLastError () returned 0x0 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=8) returned 1 [0240.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat", cchCount2=4) returned 1 [0240.248] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.248] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default user.dat")) returned 0 [0240.248] GetLastError () returned 0x2 [0240.248] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Default User.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\default user.dat")) returned 0xffffffff [0240.248] SetLastError (dwErrCode=0x2) [0240.249] GetLastError () returned 0x2 [0240.249] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.249] LocalFree (hMem=0x92fe20) returned 0x0 [0240.249] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.249] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.249] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\fd1hvy.dat")) returned 0x20 [0240.250] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33515594490) returned 1 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c`/iUf(VN=+HE^PdS!fOQ>№c_|}№", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0240.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c`/iUf(VN=+HE^PdS!fOQ>№c_|}№", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0240.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="c`/iUf(VN=+HE^PdS!fOQ>№c_|}№", cchWideChar=28, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c`/iUf(VN=+HE^PdS!fOQ>â\x84\x96c_|}â\x84\x96", lpUsedDefaultChar=0x0) returned 32 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] GetCurrentThreadId () returned 0x1130 [0240.250] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\fd1hvy.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.250] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] GetCurrentThreadId () returned 0x1130 [0240.251] malloc (_Size=0x64) returned 0x1d1338 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] GetCurrentThreadId () returned 0x1130 [0240.252] free (_Block=0x1d1338) [0240.252] malloc (_Size=0x60) returned 0x1d1338 [0240.252] free (_Block=0x1d1338) [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.252] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0240.252] malloc (_Size=0x8c) returned 0x1d1338 [0240.252] malloc (_Size=0xfc) returned 0x31d77e0 [0240.252] malloc (_Size=0x40) returned 0x1d14e8 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.253] malloc (_Size=0x40) returned 0x1d7470 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] malloc (_Size=0xc) returned 0x31e1e80 [0240.253] malloc (_Size=0x40) returned 0x1d74b8 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.253] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] free (_Block=0x31e40b0) [0240.254] free (_Block=0x1d14e8) [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.254] GetCurrentThreadId () returned 0x1130 [0240.255] free (_Block=0x1d74b8) [0240.255] free (_Block=0x31e1e80) [0240.255] free (_Block=0x1d7470) [0240.255] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0240.256] free (_Block=0x31d77e0) [0240.256] free (_Block=0x1d1338) [0240.256] CloseHandle (hObject=0x2b4) returned 1 [0240.256] CloseHandle (hObject=0x404) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.256] SetLastError (dwErrCode=0x0) [0240.256] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", lpFilePart=0x19f9f8*="FD1HVy.dat") returned 0x3d [0240.256] GetLastError () returned 0x0 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.256] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.256] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.257] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\fd1hvy.dat")) returned 1 [0240.257] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0xde)) [0240.257] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.257] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.257] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.257] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.257] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.257] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.257] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.257] CloseHandle (hObject=0x404) returned 1 [0240.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FD1HVy.dat]omgp:[c`/iUf(VN=+HE^PdS!fOQ>№c_|}№]", cchWideChar=52, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0240.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FD1HVy.dat]omgp:[c`/iUf(VN=+HE^PdS!fOQ>№c_|}№]", cchWideChar=52, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0240.258] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FD1HVy.dat]omgp:[c`/iUf(VN=+HE^PdS!fOQ>№c_|}№]", cchWideChar=52, lpMultiByteStr=0x25337d8, cbMultiByte=52, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[FD1HVy.dat]omgp:[c`/iUf(VN=+HE^PdS!fOQ>?c_|}?]", lpUsedDefaultChar=0x0) returned 52 [0240.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.264] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I=") returned 172 [0240.264] GetCurrentThreadId () returned 0x1130 [0240.264] GetCurrentThreadId () returned 0x1130 [0240.264] GetCurrentThreadId () returned 0x1130 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.264] SetLastError (dwErrCode=0x0) [0240.264] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320") returned 0x7e [0240.264] GetLastError () returned 0x0 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.264] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.264] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.264] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].wannacash ncov v310320")) returned 0x20 [0240.264] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [192].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0240.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.265] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3") returned 197 [0240.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3") returned 197 [0240.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ii9o5XrFsgyKsDkHk2cqGMiBRRXmNQZhkd1RuF0wkWhHEn0u5QagvnHnpBNxBo7CT2NZe+smK5I0lqJcgOY1XcOxHNJhewfl0bRGwrkRbxWCjBphdzY1C3dLncBspJFbqQKefqOzWZPBWyuuHZNVsD8uKgbF9ohNwAN5VllKI4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.265] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.265] CloseHandle (hObject=0x404) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.266] SetLastError (dwErrCode=0x0) [0240.266] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", lpFilePart=0x19fa34*="FD1HVy.dat") returned 0x3d [0240.266] GetLastError () returned 0x0 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=8) returned 1 [0240.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat", cchCount2=4) returned 1 [0240.266] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.266] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\fd1hvy.dat")) returned 0 [0240.266] GetLastError () returned 0x2 [0240.266] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\FD1HVy.dat" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\fd1hvy.dat")) returned 0xffffffff [0240.267] SetLastError (dwErrCode=0x2) [0240.267] GetLastError () returned 0x2 [0240.267] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.267] LocalFree (hMem=0x92fe20) returned 0x0 [0240.267] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.267] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.267] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 0x20 [0240.268] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33517464282) returned 1 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0240.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0240.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8qPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.269] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.269] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] malloc (_Size=0x64) returned 0x1d1338 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] GetCurrentThreadId () returned 0x1130 [0240.270] free (_Block=0x1d1338) [0240.270] malloc (_Size=0x60) returned 0x1d1338 [0240.270] free (_Block=0x1d1338) [0240.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x93038 [0240.270] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.270] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe10000 [0240.278] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.278] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x93038 [0240.278] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.279] ReadFile (in: hFile=0x404, lpBuffer=0x7fe10018, nNumberOfBytesToRead=0x93038, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe10018*, lpNumberOfBytesRead=0x19fbc8*=0x93038, lpOverlapped=0x0) returned 1 [0240.297] malloc (_Size=0x8c) returned 0x1d1338 [0240.298] malloc (_Size=0xfc) returned 0x31d7c00 [0240.299] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0240.310] malloc (_Size=0x40) returned 0x1d14e8 [0240.310] GetCurrentThreadId () returned 0x1130 [0240.310] GetCurrentThreadId () returned 0x1130 [0240.310] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.311] malloc (_Size=0x40) returned 0x1d7470 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] GetCurrentThreadId () returned 0x1130 [0240.311] malloc (_Size=0xc) returned 0x31e1ca0 [0240.311] malloc (_Size=0x720) returned 0x31d2860 [0240.311] malloc (_Size=0xe3c) returned 0x1d9aa8 [0240.312] free (_Block=0x31d2860) [0240.312] malloc (_Size=0x15ac) returned 0x1da8f0 [0240.312] free (_Block=0x1d9aa8) [0240.312] malloc (_Size=0x23e4) returned 0x1dbea8 [0240.312] free (_Block=0x1da8f0) [0240.312] malloc (_Size=0x3274) returned 0x3a60048 [0240.312] free (_Block=0x1dbea8) [0240.313] malloc (_Size=0x4820) returned 0x1d9aa8 [0240.313] free (_Block=0x3a60048) [0240.314] malloc (_Size=0x64e4) returned 0x3a60048 [0240.314] free (_Block=0x1d9aa8) [0240.314] malloc (_Size=0x8920) returned 0x3a66538 [0240.315] free (_Block=0x3a60048) [0240.315] malloc (_Size=0xbb90) returned 0x3a6ee60 [0240.315] free (_Block=0x3a66538) [0240.316] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0240.316] free (_Block=0x3a6ee60) [0240.317] malloc (_Size=0x1533c) returned 0x3a60048 [0240.317] free (_Block=0x3a7a9f8) [0240.317] malloc (_Size=0x1c704) returned 0x3a75390 [0240.317] free (_Block=0x3a60048) [0240.317] malloc (_Size=0x265c8) returned 0x3a91aa0 [0240.319] free (_Block=0x3a75390) [0240.319] malloc (_Size=0x33758) returned 0x31e4b18 [0240.321] free (_Block=0x3a91aa0) [0240.322] malloc (_Size=0x45104) returned 0x3a60048 [0240.323] free (_Block=0x31e4b18) [0240.324] malloc (_Size=0x5c874) returned 0x31e4b18 [0240.325] free (_Block=0x3a60048) [0240.326] malloc (_Size=0x7bac8) returned 0x3a60048 [0240.327] free (_Block=0x31e4b18) [0240.334] malloc (_Size=0xa5358) returned 0xa0b020 [0240.341] free (_Block=0x3a60048) [0240.343] malloc (_Size=0xdcbac) returned 0x2d1b020 [0240.354] free (_Block=0xa0b020) [0240.359] VirtualAlloc (lpAddress=0x0, dwSize=0xd0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fca0000 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] free (_Block=0x31e40b0) [0240.370] free (_Block=0x1d14e8) [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.370] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] GetCurrentThreadId () returned 0x1130 [0240.371] free (_Block=0x2d1b020) [0240.418] free (_Block=0x31e1ca0) [0240.418] free (_Block=0x1d7470) [0240.418] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fca0018*, nNumberOfBytesToWrite=0xc716e, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fca0018*, lpNumberOfBytesWritten=0x19fbbc*=0xc716e, lpOverlapped=0x0) returned 1 [0240.429] free (_Block=0x31d7c00) [0240.429] free (_Block=0x1d1338) [0240.429] VirtualFree (lpAddress=0x7fca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.434] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.438] VirtualFree (lpAddress=0x7fe10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0240.438] CloseHandle (hObject=0x2b4) returned 1 [0240.439] CloseHandle (hObject=0x404) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.440] SetLastError (dwErrCode=0x0) [0240.440] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", lpFilePart=0x19f9f8*="guest.bmp") returned 0x3c [0240.440] GetLastError () returned 0x0 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.440] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.440] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 1 [0240.448] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0x199)) [0240.448] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.448] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.448] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.448] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.448] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.448] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.448] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.449] CloseHandle (hObject=0x404) returned 1 [0240.450] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.bmp]omgp:[4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0240.450] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.bmp]omgp:[4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0240.450] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.bmp]omgp:[4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8]", cchWideChar=67, lpMultiByteStr=0x2541d78, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[guest.bmp]omgp:[4y(^jk/=QT4a@/vl|/1tl&XEV=~dfB6>z{krE213s(\"8]", lpUsedDefaultChar=0x0) returned 67 [0240.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.461] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4=") returned 172 [0240.461] GetCurrentThreadId () returned 0x1130 [0240.461] GetCurrentThreadId () returned 0x1130 [0240.461] GetCurrentThreadId () returned 0x1130 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.461] SetLastError (dwErrCode=0x0) [0240.461] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320") returned 0x7e [0240.461] GetLastError () returned 0x0 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.461] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.462] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].wannacash ncov v310320")) returned 0x20 [0240.462] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [193].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc716e [0240.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.462] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.463] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.463] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3") returned 197 [0240.463] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.463] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3") returned 197 [0240.463] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc716e [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BpQgxrB1XQXRjmnfcyd4cIWzcrTSL4HchD1wCSRO11fPV0Seg5rMjGdlJ6CDNhzB2hAPqfByQAedz9NrmZDqMpzvhHdsdH75b02Bz/CqDNEgNPxdPjNK/TyawG6YI87HjX7BmsvrLdctN4U5xEVIUw9EvrAE/i6iriEI4kw+gB4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.463] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.463] CloseHandle (hObject=0x404) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.464] SetLastError (dwErrCode=0x0) [0240.464] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", lpFilePart=0x19fa34*="guest.bmp") returned 0x3c [0240.464] GetLastError () returned 0x0 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=8) returned 1 [0240.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp", cchCount2=4) returned 1 [0240.464] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.464] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 0 [0240.465] GetLastError () returned 0x2 [0240.465] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.bmp" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.bmp")) returned 0xffffffff [0240.465] SetLastError (dwErrCode=0x2) [0240.465] GetLastError () returned 0x2 [0240.465] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.465] LocalFree (hMem=0x92fe20) returned 0x0 [0240.465] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.465] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.465] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.png")) returned 0x20 [0240.466] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33537180762) returned 1 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0240.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0240.466] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ee/\"yNpiTo{JSyEV3@â\x84\x96hIB/tfNyOx~ARA\\D563vAL5_}1", lpUsedDefaultChar=0x0) returned 47 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] GetCurrentThreadId () returned 0x1130 [0240.466] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.466] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.467] malloc (_Size=0x64) returned 0x1d1338 [0240.467] GetCurrentThreadId () returned 0x1130 [0240.468] GetCurrentThreadId () returned 0x1130 [0240.468] GetCurrentThreadId () returned 0x1130 [0240.468] GetCurrentThreadId () returned 0x1130 [0240.468] GetCurrentThreadId () returned 0x1130 [0240.468] GetCurrentThreadId () returned 0x1130 [0240.468] free (_Block=0x1d1338) [0240.468] malloc (_Size=0x60) returned 0x1d1338 [0240.468] free (_Block=0x1d1338) [0240.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1518 [0240.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1518 [0240.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.469] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1518, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1518, lpOverlapped=0x0) returned 1 [0240.471] malloc (_Size=0x8c) returned 0x1d1338 [0240.471] malloc (_Size=0xfc) returned 0x31d7e10 [0240.471] malloc (_Size=0x40) returned 0x1d14e8 [0240.471] GetCurrentThreadId () returned 0x1130 [0240.471] GetCurrentThreadId () returned 0x1130 [0240.471] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.472] malloc (_Size=0x40) returned 0x1d7470 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] GetCurrentThreadId () returned 0x1130 [0240.472] malloc (_Size=0xc) returned 0x31e1e68 [0240.472] malloc (_Size=0x720) returned 0x31d2860 [0240.472] malloc (_Size=0xe3c) returned 0x1d9aa8 [0240.473] free (_Block=0x31d2860) [0240.473] malloc (_Size=0x15ac) returned 0x1da8f0 [0240.473] free (_Block=0x1d9aa8) [0240.473] malloc (_Size=0x23e4) returned 0x1dbea8 [0240.473] free (_Block=0x1da8f0) [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.473] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] free (_Block=0x31e40b0) [0240.474] free (_Block=0x1d14e8) [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.474] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] GetCurrentThreadId () returned 0x1130 [0240.475] free (_Block=0x1dbea8) [0240.476] free (_Block=0x31e1e68) [0240.476] free (_Block=0x1d7470) [0240.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9308*, nNumberOfBytesToWrite=0x1cb1, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9308*, lpNumberOfBytesWritten=0x19fbbc*=0x1cb1, lpOverlapped=0x0) returned 1 [0240.477] free (_Block=0x31d7e10) [0240.477] free (_Block=0x1d1338) [0240.477] CloseHandle (hObject=0x2b4) returned 1 [0240.478] CloseHandle (hObject=0x404) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.478] SetLastError (dwErrCode=0x0) [0240.478] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", lpFilePart=0x19f9f8*="guest.png") returned 0x3c [0240.478] GetLastError () returned 0x0 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.478] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.479] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.png")) returned 1 [0240.480] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0x1b8)) [0240.480] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.480] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.480] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.481] CloseHandle (hObject=0x404) returned 1 [0240.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.png]omgp:[ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0240.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.png]omgp:[ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0240.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[guest.png]omgp:[ee/\"yNpiTo{JSyEV3@№hIB/tfNyOx~ARA\\D563vAL5_}1]", cchWideChar=68, lpMultiByteStr=0x2541d78, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[guest.png]omgp:[ee/\"yNpiTo{JSyEV3@?hIB/tfNyOx~ARA\\D563vAL5_}1]", lpUsedDefaultChar=0x0) returned 68 [0240.492] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.492] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo=") returned 172 [0240.492] GetCurrentThreadId () returned 0x1130 [0240.492] GetCurrentThreadId () returned 0x1130 [0240.492] GetCurrentThreadId () returned 0x1130 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.492] SetLastError (dwErrCode=0x0) [0240.492] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320") returned 0x7e [0240.492] GetLastError () returned 0x0 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.492] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.492] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.493] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].wannacash ncov v310320")) returned 0x20 [0240.493] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [194].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1cb1 [0240.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.493] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.493] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.494] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.494] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3") returned 197 [0240.494] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.494] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3") returned 197 [0240.494] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1cb1 [0240.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PhG6w0fmXGwcTAX8ns1aNC14tKDj0BcPWGCYhGxlOaiwQJd4DFdZfxkiZw+w7EGVrq5YPJhfh5iBqUhlg7VdUj+pGkAcIRuz+N/h6umw+3v1MOBVHZ2rrqRxioHO7A+42uTJ2JrkqlQ/vvK8Dp9wgWlzCUUblu/UEQpHJISL0mo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.494] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.494] CloseHandle (hObject=0x404) returned 1 [0240.494] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.494] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.494] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.494] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.495] SetLastError (dwErrCode=0x0) [0240.495] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", lpFilePart=0x19fa34*="guest.png") returned 0x3c [0240.495] GetLastError () returned 0x0 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=8) returned 1 [0240.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png", cchCount2=4) returned 1 [0240.495] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.495] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.png")) returned 0 [0240.495] GetLastError () returned 0x2 [0240.495] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\guest.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\guest.png")) returned 0xffffffff [0240.495] SetLastError (dwErrCode=0x2) [0240.495] GetLastError () returned 0x2 [0240.495] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.495] LocalFree (hMem=0x92fe20) returned 0x0 [0240.495] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.496] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.496] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-192.png")) returned 0x20 [0240.525] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33543148699) returned 1 [0240.525] GetCurrentThreadId () returned 0x1130 [0240.525] GetCurrentThreadId () returned 0x1130 [0240.525] GetCurrentThreadId () returned 0x1130 [0240.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0240.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0240.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd", lpUsedDefaultChar=0x0) returned 46 [0240.526] GetCurrentThreadId () returned 0x1130 [0240.526] GetCurrentThreadId () returned 0x1130 [0240.526] GetCurrentThreadId () returned 0x1130 [0240.526] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-192.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.526] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.527] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] malloc (_Size=0x64) returned 0x1d1338 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] GetCurrentThreadId () returned 0x1130 [0240.528] free (_Block=0x1d1338) [0240.528] malloc (_Size=0x60) returned 0x1d1338 [0240.528] free (_Block=0x1d1338) [0240.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x967 [0240.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x967 [0240.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.529] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x967, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x967, lpOverlapped=0x0) returned 1 [0240.530] malloc (_Size=0x8c) returned 0x1d1338 [0240.530] malloc (_Size=0xfc) returned 0x31d71b0 [0240.530] malloc (_Size=0x40) returned 0x1d14e8 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.531] malloc (_Size=0x40) returned 0x1d7470 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] GetCurrentThreadId () returned 0x1130 [0240.531] malloc (_Size=0xc) returned 0x31e1ca0 [0240.532] malloc (_Size=0x720) returned 0x31d2860 [0240.532] malloc (_Size=0xe3c) returned 0x1d9aa8 [0240.532] free (_Block=0x31d2860) [0240.536] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] free (_Block=0x31e40b0) [0240.537] free (_Block=0x1d14e8) [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.537] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] GetCurrentThreadId () returned 0x1130 [0240.538] free (_Block=0x1d9aa8) [0240.538] free (_Block=0x31e1ca0) [0240.538] free (_Block=0x1d7470) [0240.538] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362d8*, nNumberOfBytesToWrite=0xcdf, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesWritten=0x19fbbc*=0xcdf, lpOverlapped=0x0) returned 1 [0240.539] free (_Block=0x31d71b0) [0240.539] free (_Block=0x1d1338) [0240.539] CloseHandle (hObject=0x2b4) returned 1 [0240.540] CloseHandle (hObject=0x404) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.540] SetLastError (dwErrCode=0x0) [0240.540] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", lpFilePart=0x19f9f8*="user-192.png") returned 0x3f [0240.540] GetLastError () returned 0x0 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.541] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.541] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-192.png")) returned 1 [0240.542] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0x1f7)) [0240.542] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.542] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.543] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.543] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.543] CloseHandle (hObject=0x404) returned 1 [0240.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-192.png]omgp:[1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0240.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-192.png]omgp:[1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0240.543] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-192.png]omgp:[1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[user-192.png]omgp:[1x*,`kU-u4j!LMzfY+x\"em:Lnh\"?=Hl+2lcQ/VtJt-X4Qd]", lpUsedDefaultChar=0x0) returned 72 [0240.552] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.552] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw=") returned 172 [0240.552] GetCurrentThreadId () returned 0x1130 [0240.552] GetCurrentThreadId () returned 0x1130 [0240.552] GetCurrentThreadId () returned 0x1130 [0240.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.553] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.553] SetLastError (dwErrCode=0x0) [0240.553] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320") returned 0x7e [0240.553] GetLastError () returned 0x0 [0240.553] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.553] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.553] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.553] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.553] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.553] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].wannacash ncov v310320")) returned 0x20 [0240.553] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [195].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xcdf [0240.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.554] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.554] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.554] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3") returned 197 [0240.554] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.554] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3") returned 197 [0240.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xcdf [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.554] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:++mM1q+VxLTtQ5+jCrxZoidV9aEO/LeiUDVAc+oi3xS33Cw6bsX59X2ifIgJ8KR4yStbkJRG7S8f2do6+7jwhSeiosi/5jlUqNqpwZTWbX4bJi3WnO34JzX39B4Y9SpNPWLxlm21XhLQDlMacNJFPdopitKhF7KgIeQNiTdUQTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.554] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.555] CloseHandle (hObject=0x404) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.555] SetLastError (dwErrCode=0x0) [0240.555] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", lpFilePart=0x19fa34*="user-192.png") returned 0x3f [0240.555] GetLastError () returned 0x0 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=8) returned 1 [0240.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png", cchCount2=4) returned 1 [0240.555] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.556] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-192.png")) returned 0 [0240.556] GetLastError () returned 0x2 [0240.556] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-192.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-192.png")) returned 0xffffffff [0240.556] SetLastError (dwErrCode=0x2) [0240.556] GetLastError () returned 0x2 [0240.556] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.556] LocalFree (hMem=0x92fe20) returned 0x0 [0240.556] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.556] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.557] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-32.png")) returned 0x20 [0240.557] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33546366495) returned 1 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0240.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0240.558] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o", cchWideChar=36, lpMultiByteStr=0x250f7e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o\x01", lpUsedDefaultChar=0x0) returned 36 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.558] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-32.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.558] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.558] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] malloc (_Size=0x64) returned 0x1d1338 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] GetCurrentThreadId () returned 0x1130 [0240.559] free (_Block=0x1d1338) [0240.559] malloc (_Size=0x60) returned 0x1d1338 [0240.559] free (_Block=0x1d1338) [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x19f [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x19f [0240.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.560] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x19f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x19f, lpOverlapped=0x0) returned 1 [0240.561] malloc (_Size=0x8c) returned 0x1d1338 [0240.561] malloc (_Size=0xfc) returned 0x31d7e10 [0240.561] malloc (_Size=0x40) returned 0x1d14e8 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.561] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.562] malloc (_Size=0x40) returned 0x1d7470 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] malloc (_Size=0xc) returned 0x31e1dc0 [0240.562] malloc (_Size=0x310) returned 0x31e4b18 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.562] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] free (_Block=0x31e40b0) [0240.563] free (_Block=0x1d14e8) [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.563] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.597] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] GetCurrentThreadId () returned 0x1130 [0240.598] free (_Block=0x31e4b18) [0240.598] free (_Block=0x31e1dc0) [0240.598] free (_Block=0x1d7470) [0240.598] WriteFile (in: hFile=0x2b4, lpBuffer=0x2413fd8*, nNumberOfBytesToWrite=0x249, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesWritten=0x19fbbc*=0x249, lpOverlapped=0x0) returned 1 [0240.599] free (_Block=0x31d7e10) [0240.599] free (_Block=0x1d1338) [0240.599] CloseHandle (hObject=0x2b4) returned 1 [0240.600] CloseHandle (hObject=0x404) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.600] SetLastError (dwErrCode=0x0) [0240.600] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", lpFilePart=0x19f9f8*="user-32.png") returned 0x3e [0240.600] GetLastError () returned 0x0 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.600] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.601] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.601] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.601] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-32.png")) returned 1 [0240.602] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0x235)) [0240.602] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.602] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.602] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.603] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.603] CloseHandle (hObject=0x404) returned 1 [0240.603] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-32.png]omgp:[esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0240.603] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-32.png]omgp:[esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0240.603] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-32.png]omgp:[esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o]", cchWideChar=61, lpMultiByteStr=0x2541d78, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[user-32.png]omgp:[esm@F4w+7VRRmBNkd1^.W$`7GHJ;D~f/RM.o]", lpUsedDefaultChar=0x0) returned 61 [0240.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.612] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY=") returned 172 [0240.612] GetCurrentThreadId () returned 0x1130 [0240.612] GetCurrentThreadId () returned 0x1130 [0240.612] GetCurrentThreadId () returned 0x1130 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.612] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.612] SetLastError (dwErrCode=0x0) [0240.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320") returned 0x7e [0240.613] GetLastError () returned 0x0 [0240.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.613] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.613] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].wannacash ncov v310320")) returned 0x20 [0240.613] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [196].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.613] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.613] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.614] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x249 [0240.614] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.614] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.614] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.614] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3") returned 197 [0240.614] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.614] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3") returned 197 [0240.614] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x249 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.614] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Og+Zyx7yzJuSizack9EzMG7aftL9Jw735IrfPKVX4BaRtMETDORCGSt2trGhYgT1JWRxG38bZrsjFU3FQNByt35juyEyihAzlUIy3GPvXKqHz+HQmZ0zBCl333WFazn6c7UfdR519KJQsoL4a7E2hKAVMpYe6yyo/+Cjk2nYikY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.615] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.615] CloseHandle (hObject=0x404) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.615] SetLastError (dwErrCode=0x0) [0240.615] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", lpFilePart=0x19fa34*="user-32.png") returned 0x3e [0240.615] GetLastError () returned 0x0 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=8) returned 1 [0240.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png", cchCount2=4) returned 1 [0240.616] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.616] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-32.png")) returned 0 [0240.616] GetLastError () returned 0x2 [0240.616] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-32.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-32.png")) returned 0xffffffff [0240.616] SetLastError (dwErrCode=0x2) [0240.616] GetLastError () returned 0x2 [0240.616] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.616] LocalFree (hMem=0x92fe20) returned 0x0 [0240.616] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.616] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.617] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-40.png")) returned 0x20 [0240.617] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33552324245) returned 1 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0240.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0240.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjMâ\x84\x96kGUH>Ugx:", lpUsedDefaultChar=0x0) returned 47 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] GetCurrentThreadId () returned 0x1130 [0240.617] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-40.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.618] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.618] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] malloc (_Size=0x64) returned 0x1d1338 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] GetCurrentThreadId () returned 0x1130 [0240.619] free (_Block=0x1d1338) [0240.619] malloc (_Size=0x60) returned 0x1d1338 [0240.619] free (_Block=0x1d1338) [0240.619] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.619] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1b1 [0240.619] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.620] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.620] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1b1 [0240.620] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0240.620] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1b1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1b1, lpOverlapped=0x0) returned 1 [0240.621] malloc (_Size=0x8c) returned 0x1d1338 [0240.621] malloc (_Size=0xfc) returned 0x31d75d0 [0240.621] malloc (_Size=0x40) returned 0x1d14e8 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.621] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] malloc (_Size=0xa5c) returned 0x31e40b0 [0240.622] malloc (_Size=0x40) returned 0x1d7470 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] malloc (_Size=0xc) returned 0x31e1d18 [0240.622] malloc (_Size=0x310) returned 0x31e4b18 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.622] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] free (_Block=0x31e40b0) [0240.623] free (_Block=0x1d14e8) [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.623] GetCurrentThreadId () returned 0x1130 [0240.624] GetCurrentThreadId () returned 0x1130 [0240.624] GetCurrentThreadId () returned 0x1130 [0240.624] GetCurrentThreadId () returned 0x1130 [0240.624] free (_Block=0x31e4b18) [0240.624] free (_Block=0x31e1d18) [0240.624] free (_Block=0x1d7470) [0240.624] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bdaf8*, nNumberOfBytesToWrite=0x276, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bdaf8*, lpNumberOfBytesWritten=0x19fbbc*=0x276, lpOverlapped=0x0) returned 1 [0240.625] free (_Block=0x31d75d0) [0240.625] free (_Block=0x1d1338) [0240.626] CloseHandle (hObject=0x2b4) returned 1 [0240.626] CloseHandle (hObject=0x404) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.626] SetLastError (dwErrCode=0x0) [0240.626] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", lpFilePart=0x19f9f8*="user-40.png") returned 0x3e [0240.627] GetLastError () returned 0x0 [0240.627] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.627] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.627] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.627] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.627] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.627] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-40.png")) returned 1 [0240.628] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x10, wMilliseconds=0x255)) [0240.628] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0240.629] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0240.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0240.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0240.629] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0240.629] CloseHandle (hObject=0x404) returned 1 [0240.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-40.png]omgp:[d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0240.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-40.png]omgp:[d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0240.629] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[user-40.png]omgp:[d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM№kGUH>Ugx:]", cchWideChar=70, lpMultiByteStr=0x252c6b0, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[user-40.png]omgp:[d*9s4J>ia>flsz:7b@_@dg:|?;X9AqOLAjM?kGUH>Ugx:]", lpUsedDefaultChar=0x0) returned 70 [0240.637] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0240.638] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU=") returned 172 [0240.638] GetCurrentThreadId () returned 0x1130 [0240.638] GetCurrentThreadId () returned 0x1130 [0240.638] GetCurrentThreadId () returned 0x1130 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.638] SetLastError (dwErrCode=0x0) [0240.638] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320") returned 0x7e [0240.638] GetLastError () returned 0x0 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0240.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0240.638] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.639] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].wannacash ncov v310320")) returned 0x20 [0240.639] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\Файл зашифрован. Пиши. Почта clubnika@elude.in [197].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0240.639] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0240.639] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.639] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x276 [0240.639] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0240.639] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0240.639] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3") returned 197 [0240.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0240.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3") returned 197 [0240.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x276 [0240.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0240.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yhQifPJGzdzf0HN91pEMyoaKoB+op3CE+CaPfKmC4tgnv9Ed4sIO8WZ/4/vNN1bld9c12rZnUG369an9FEchadN6V3pY1TzzkgBq8DkZl5L4sUgvGHLG5d72aMUoxpW6wv8+XWh3Ec5Vq7gDbf/aDPmlLtCYCO2XW+FX9gWeCjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0240.640] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0240.640] CloseHandle (hObject=0x404) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.641] SetLastError (dwErrCode=0x0) [0240.641] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", lpFilePart=0x19fa34*="user-40.png") returned 0x3e [0240.641] GetLastError () returned 0x0 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=8) returned 1 [0240.644] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png", cchCount2=4) returned 1 [0240.645] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures" (normalized: "c:\\users\\all users\\microsoft\\user account pictures")) returned 0x10 [0240.645] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-40.png")) returned 0 [0240.645] GetLastError () returned 0x2 [0240.645] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-40.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-40.png")) returned 0xffffffff [0240.645] SetLastError (dwErrCode=0x2) [0240.645] GetLastError () returned 0x2 [0240.645] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0240.645] LocalFree (hMem=0x92fe20) returned 0x0 [0240.645] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0240.646] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0240.646] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\user-48.png" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\user-48.png")) returned 0x20 [0240.646] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33555208618) returned 1 [0240.646] GetCurrentThreadId () returned 0x1130 [0240.646] GetCurrentThreadId () returned 0x1130 [0240.646] GetCurrentThreadId () returned 0x1130 [0240.646] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y!>ep^${4*q^2oDt№A#-RBZl/}№{", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0241.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S{\\@j6\"h.u*KiL2-+_2>RBZl/}№{", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0241.141] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S{\\@j6\"h.u*KiL2-+_2>RBZl/}№{", cchWideChar=28, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="S{\\@j6\"h.u*KiL2-+_2>RBZl/}â\x84\x96{lfZJV", lpUsedDefaultChar=0x0) returned 30 [0241.141] GetCurrentThreadId () returned 0x1130 [0241.141] GetCurrentThreadId () returned 0x1130 [0241.141] GetCurrentThreadId () returned 0x1130 [0241.141] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.141] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [227].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [227].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.141] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [227].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [227].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [227].WANNACASH NCOV v310320") returned 0x7e [0241.141] GetLastError () returned 0x5 [0241.142] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.142] LocalFree (hMem=0x950ce0) returned 0x0 [0241.142] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.142] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.142] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.142] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.142] CloseHandle (hObject=0x404) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.143] SetLastError (dwErrCode=0x0) [0241.143] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6b [0241.143] GetLastError () returned 0x0 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.143] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.143] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.143] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.144] GetLastError () returned 0x5 [0241.144] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.144] SetLastError (dwErrCode=0x5) [0241.144] GetLastError () returned 0x5 [0241.144] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.144] LocalFree (hMem=0x950b30) returned 0x0 [0241.144] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.145] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.145] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.145] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33605130649) returned 1 [0241.145] GetCurrentThreadId () returned 0x1130 [0241.145] GetCurrentThreadId () returned 0x1130 [0241.145] GetCurrentThreadId () returned 0x1130 [0241.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$G9CHHn-pe\\!-}Ssfhk%(cL{newG!z3op5I.y", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0241.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$G9CHHn-pe\\!-}Ssfhk%(cL{newG!z3op5I.y", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0241.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$G9CHHn-pe\\!-}Ssfhk%(cL{newG!z3op5I.y", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$G9CHHn-pe\\!-}Ssfhk%(cL{newG!z3op5I.y", lpUsedDefaultChar=0x0) returned 37 [0241.145] GetCurrentThreadId () returned 0x1130 [0241.145] GetCurrentThreadId () returned 0x1130 [0241.146] GetCurrentThreadId () returned 0x1130 [0241.146] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.146] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [228].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [228].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.146] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [228].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [228].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [228].WANNACASH NCOV v310320") returned 0x7e [0241.146] GetLastError () returned 0x5 [0241.146] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.146] LocalFree (hMem=0x9508c0) returned 0x0 [0241.146] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.146] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.146] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.147] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.147] CloseHandle (hObject=0x404) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.147] SetLastError (dwErrCode=0x0) [0241.147] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml") returned 0x66 [0241.148] GetLastError () returned 0x0 [0241.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.148] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.148] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0 [0241.148] GetLastError () returned 0x5 [0241.148] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.148] SetLastError (dwErrCode=0x5) [0241.148] GetLastError () returned 0x5 [0241.148] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.148] LocalFree (hMem=0x950d10) returned 0x0 [0241.148] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.149] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.150] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.150] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33605590604) returned 1 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\:R)=QL/TSG2d*LFt>mz,JQ)!u=xzl+", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0241.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\:R)=QL/TSG2d*LFt>mz,JQ)!u=xzl+", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0241.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\:R)=QL/TSG2d*LFt>mz,JQ)!u=xzl+", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\:R)=QL/TSG2d*LFt>mz,JQ)!u=xzl+fZJV", lpUsedDefaultChar=0x0) returned 31 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] GetCurrentThreadId () returned 0x1130 [0241.150] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.150] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [229].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [229].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.151] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [229].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [229].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [229].WANNACASH NCOV v310320") returned 0x7e [0241.151] GetLastError () returned 0x5 [0241.151] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.151] LocalFree (hMem=0x950da0) returned 0x0 [0241.151] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.151] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.151] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.151] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.152] CloseHandle (hObject=0x404) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.152] SetLastError (dwErrCode=0x0) [0241.152] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6d [0241.152] GetLastError () returned 0x0 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.152] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.152] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.153] GetLastError () returned 0x5 [0241.153] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.153] SetLastError (dwErrCode=0x5) [0241.153] GetLastError () returned 0x5 [0241.153] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.153] LocalFree (hMem=0x950dd0) returned 0x0 [0241.153] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.154] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.154] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.154] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33606024926) returned 1 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№xNbl~F^?*#\"JQ7KJ+-{4№lbampz.@1{№,uAB?", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№xNbl~F^?*#\"JQ7KJ+-{4№lbampz.@1{№,uAB?", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№xNbl~F^?*#\"JQ7KJ+-{4№lbampz.@1{№,uAB?", cchWideChar=39, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fâ\x84\x96xNbl~F^?*#\"JQ7KJ+-{4â\x84\x96lbampz.@1{â\x84\x96,uAB?,KmSDJR", lpUsedDefaultChar=0x0) returned 45 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.154] GetCurrentThreadId () returned 0x1130 [0241.155] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.155] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [230].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [230].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.155] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [230].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [230].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [230].WANNACASH NCOV v310320") returned 0x7e [0241.155] GetLastError () returned 0x5 [0241.155] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="๠\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.155] LocalFree (hMem=0x950e60) returned 0x0 [0241.155] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.155] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.155] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.156] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.156] CloseHandle (hObject=0x404) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.156] SetLastError (dwErrCode=0x0) [0241.156] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml") returned 0x68 [0241.156] GetLastError () returned 0x0 [0241.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.157] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.157] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0 [0241.157] GetLastError () returned 0x5 [0241.157] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingSports_4.6.169.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingsports_4.6.169.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.157] SetLastError (dwErrCode=0x5) [0241.157] GetLastError () returned 0x5 [0241.157] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.157] LocalFree (hMem=0x9508c0) returned 0x0 [0241.157] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.158] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.158] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.159] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33606476157) returned 1 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UY\"CvQ}.bkf5!\"\"k^YyxkYa8BI", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0241.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UY\"CvQ}.bkf5!\"\"k^YyxkYa8BI", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0241.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UY\"CvQ}.bkf5!\"\"k^YyxkYa8BI", cchWideChar=26, lpMultiByteStr=0x2508420, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UY\"CvQ}.bkf5!\"\"k^YyxkYa8BI", lpUsedDefaultChar=0x0) returned 26 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] GetCurrentThreadId () returned 0x1130 [0241.159] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.159] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [231].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [231].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.159] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [231].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [231].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [231].WANNACASH NCOV v310320") returned 0x7e [0241.159] GetLastError () returned 0x5 [0241.159] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.159] LocalFree (hMem=0x950dd0) returned 0x0 [0241.160] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.160] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.160] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.160] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.160] CloseHandle (hObject=0x404) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.161] SetLastError (dwErrCode=0x0) [0241.161] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x7c [0241.161] GetLastError () returned 0x0 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.161] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.161] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.161] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.162] GetLastError () returned 0x5 [0241.162] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.162] SetLastError (dwErrCode=0x5) [0241.162] GetLastError () returned 0x5 [0241.162] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.162] LocalFree (hMem=0x950a10) returned 0x0 [0241.162] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.163] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.163] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml")) returned 0x20 [0241.163] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33606964744) returned 1 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QZ`3ho_BnK7hus#+I/o=;F9{*eBK(pacm1(G3fO}x-|QO", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.164] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QZ`3ho_BnK7hus#+I/o=;F9{*eBK(pacm1(G3fO}x-|QO", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.164] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="QZ`3ho_BnK7hus#+I/o=;F9{*eBK(pacm1(G3fO}x-|QO", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QZ`3ho_BnK7hus#+I/o=;F9{*eBK(pacm1(G3fO}x-|QO,KmSDJR", lpUsedDefaultChar=0x0) returned 45 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] GetCurrentThreadId () returned 0x1130 [0241.164] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.164] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [232].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [232].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.164] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [232].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [232].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [232].WANNACASH NCOV v310320") returned 0x7e [0241.164] GetLastError () returned 0x5 [0241.164] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.164] LocalFree (hMem=0x9509e0) returned 0x0 [0241.164] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.164] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.165] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.180] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.180] CloseHandle (hObject=0x404) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.180] SetLastError (dwErrCode=0x0) [0241.181] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml") returned 0x7c [0241.181] GetLastError () returned 0x0 [0241.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.181] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.181] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.181] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml")) returned 0 [0241.181] GetLastError () returned 0x5 [0241.181] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml")) returned 0x20 [0241.181] SetLastError (dwErrCode=0x5) [0241.182] GetLastError () returned 0x5 [0241.182] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.182] LocalFree (hMem=0x950c50) returned 0x0 [0241.182] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.182] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.183] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.183] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33608897801) returned 1 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lxft6!k8KX}>Pp>_h,2#qI@b)I^k*31n:,?!)@k", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0241.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lxft6!k8KX}>Pp>_h,2#qI@b)I^k*31n:,?!)@k", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0241.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="lxft6!k8KX}>Pp>_h,2#qI@b)I^k*31n:,?!)@k", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lxft6!k8KX}>Pp>_h,2#qI@b)I^k*31n:,?!)@k)4V(3©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 39 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] GetCurrentThreadId () returned 0x1130 [0241.183] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.183] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [233].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [233].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [233].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [233].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [233].WANNACASH NCOV v310320") returned 0x7e [0241.184] GetLastError () returned 0x5 [0241.184] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.184] LocalFree (hMem=0x950950) returned 0x0 [0241.184] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.184] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.184] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.185] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.185] CloseHandle (hObject=0x404) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.185] SetLastError (dwErrCode=0x0) [0241.185] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6e [0241.185] GetLastError () returned 0x0 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.185] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.186] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.186] GetLastError () returned 0x5 [0241.186] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.186] SetLastError (dwErrCode=0x5) [0241.186] GetLastError () returned 0x5 [0241.186] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.186] LocalFree (hMem=0x950b90) returned 0x0 [0241.186] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.187] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.187] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.187] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33609340726) returned 1 [0241.187] GetCurrentThreadId () returned 0x1130 [0241.187] GetCurrentThreadId () returned 0x1130 [0241.187] GetCurrentThreadId () returned 0x1130 [0241.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|)S=5TX!Nxt\\Hr;Bms6%5te9v_~#c8t4VD9P&6qOPU", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|)S=5TX!Nxt\\Hr;Bms6%5te9v_~#c8t4VD9P&6qOPU", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.188] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|)S=5TX!Nxt\\Hr;Bms6%5te9v_~#c8t4VD9P&6qOPU", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="|)S=5TX!Nxt\\Hr;Bms6%5te9v_~#c8t4VD9P&6qOPU/", lpUsedDefaultChar=0x0) returned 42 [0241.188] GetCurrentThreadId () returned 0x1130 [0241.188] GetCurrentThreadId () returned 0x1130 [0241.188] GetCurrentThreadId () returned 0x1130 [0241.188] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.188] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [234].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [234].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.188] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [234].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [234].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [234].WANNACASH NCOV v310320") returned 0x7e [0241.188] GetLastError () returned 0x5 [0241.188] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.188] LocalFree (hMem=0x9509e0) returned 0x0 [0241.188] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.188] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.188] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.189] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.189] CloseHandle (hObject=0x404) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.189] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.190] SetLastError (dwErrCode=0x0) [0241.190] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml") returned 0x69 [0241.190] GetLastError () returned 0x0 [0241.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.190] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.190] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.190] GetLastError () returned 0x5 [0241.190] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.18.56.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.190] SetLastError (dwErrCode=0x5) [0241.190] GetLastError () returned 0x5 [0241.190] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.190] LocalFree (hMem=0x950c50) returned 0x0 [0241.190] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.191] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.191] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.192] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33609784033) returned 1 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":7)rkU5^TCLiNlGL^N(@+a?z%NF;Px1W!pS", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0241.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":7)rkU5^TCLiNlGL^N(@+a?z%NF;Px1W!pS", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0241.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":7)rkU5^TCLiNlGL^N(@+a?z%NF;Px1W!pS", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=":7)rkU5^TCLiNlGL^N(@+a?z%NF;Px1W!pS", lpUsedDefaultChar=0x0) returned 35 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] GetCurrentThreadId () returned 0x1130 [0241.192] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.192] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [235].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [235].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [235].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [235].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [235].WANNACASH NCOV v310320") returned 0x7e [0241.193] GetLastError () returned 0x5 [0241.193] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.193] LocalFree (hMem=0x950c50) returned 0x0 [0241.193] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.193] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.193] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.193] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.194] CloseHandle (hObject=0x404) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.194] SetLastError (dwErrCode=0x0) [0241.194] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6e [0241.194] GetLastError () returned 0x0 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.194] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.194] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.195] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.195] GetLastError () returned 0x5 [0241.195] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bingweather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.195] SetLastError (dwErrCode=0x5) [0241.195] GetLastError () returned 0x5 [0241.195] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.195] LocalFree (hMem=0x950da0) returned 0x0 [0241.195] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.196] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.196] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bioenrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.244] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33614982358) returned 1 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="iY}c}5tkYRG;hauu*3fg`ITl+n9OK%1f", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0241.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="iY}c}5tkYRG;hauu*3fg`ITl+n9OK%1f", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0241.244] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="iY}c}5tkYRG;hauu*3fg`ITl+n9OK%1f", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="iY}c}5tkYRG;hauu*3fg`ITl+n9OK%1f!pS", lpUsedDefaultChar=0x0) returned 32 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] GetCurrentThreadId () returned 0x1130 [0241.244] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bioenrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.245] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [236].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [236].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.245] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [236].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [236].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [236].WANNACASH NCOV v310320") returned 0x7e [0241.245] GetLastError () returned 0x5 [0241.245] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.245] LocalFree (hMem=0x950b90) returned 0x0 [0241.245] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.245] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.245] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.246] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.246] CloseHandle (hObject=0x404) returned 1 [0241.246] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.247] SetLastError (dwErrCode=0x0) [0241.247] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml") returned 0x72 [0241.247] GetLastError () returned 0x0 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.247] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.247] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bioenrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0 [0241.248] GetLastError () returned 0x5 [0241.248] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.bioenrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.248] SetLastError (dwErrCode=0x5) [0241.248] GetLastError () returned 0x5 [0241.248] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ઠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.248] LocalFree (hMem=0x950aa0) returned 0x0 [0241.248] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.249] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.249] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.249] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33615550850) returned 1 [0241.249] GetCurrentThreadId () returned 0x1130 [0241.249] GetCurrentThreadId () returned 0x1130 [0241.250] GetCurrentThreadId () returned 0x1130 [0241.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*ATPhN!)k8;=2s5yqt;9\\+=)=@|=\\}q6D", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*ATPhN!)k8;=2s5yqt;9\\+=)=@|=\\}q6D", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*ATPhN!)k8;=2s5yqt;9\\+=)=@|=\\}q6D", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*ATPhN!)k8;=2s5yqt;9\\+=)=@|=\\}q6DpS", lpUsedDefaultChar=0x0) returned 33 [0241.250] GetCurrentThreadId () returned 0x1130 [0241.250] GetCurrentThreadId () returned 0x1130 [0241.250] GetCurrentThreadId () returned 0x1130 [0241.250] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.250] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [237].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [237].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.250] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [237].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [237].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [237].WANNACASH NCOV v310320") returned 0x7e [0241.250] GetLastError () returned 0x5 [0241.250] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ઠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.250] LocalFree (hMem=0x950aa0) returned 0x0 [0241.251] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.251] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.251] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.251] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.252] CloseHandle (hObject=0x404) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.252] SetLastError (dwErrCode=0x0) [0241.252] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x7e [0241.252] GetLastError () returned 0x0 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.253] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.253] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.253] GetLastError () returned 0x5 [0241.253] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.253] SetLastError (dwErrCode=0x5) [0241.253] GetLastError () returned 0x5 [0241.253] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.253] LocalFree (hMem=0x950bf0) returned 0x0 [0241.253] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.254] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.255] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.255] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33616110479) returned 1 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K/v>KGv,uM>?1,Q№!№Wvc2=_N3№{G\\6mLn_M1*cAe8zVh%hRP", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0241.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K/v>KGv,uM>?1,Q№!№Wvc2=_N3№{G\\6mLn_M1*cAe8zVh%hRP", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0241.255] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K/v>KGv,uM>?1,Q№!№Wvc2=_N3№{G\\6mLn_M1*cAe8zVh%hRP", cchWideChar=49, lpMultiByteStr=0x2516890, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="K/v>KGv,uM>?1,Qâ\x84\x96!â\x84\x96Wvc2=_N3â\x84\x96{G\\6mLn_M1*cAe8zVh%hRP", lpUsedDefaultChar=0x0) returned 55 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] GetCurrentThreadId () returned 0x1130 [0241.255] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.255] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [238].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [238].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.256] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [238].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [238].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [238].WANNACASH NCOV v310320") returned 0x7e [0241.256] GetLastError () returned 0x5 [0241.256] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.256] LocalFree (hMem=0x9509e0) returned 0x0 [0241.256] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.256] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.256] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.256] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.256] CloseHandle (hObject=0x404) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.257] SetLastError (dwErrCode=0x0) [0241.257] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x70 [0241.257] GetLastError () returned 0x0 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.257] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.257] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.257] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.257] GetLastError () returned 0x5 [0241.257] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.257] SetLastError (dwErrCode=0x5) [0241.257] GetLastError () returned 0x5 [0241.257] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.258] LocalFree (hMem=0x950da0) returned 0x0 [0241.258] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.258] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.258] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.258] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33616455824) returned 1 [0241.258] GetCurrentThreadId () returned 0x1130 [0241.258] GetCurrentThreadId () returned 0x1130 [0241.259] GetCurrentThreadId () returned 0x1130 [0241.259] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y\"uyy`7№r}}y4I;t>ZeQ}iUJ?sEpDbo,}zM\"p=zZeQ}iUJ?sEpDbo,}zM\"p=zZeQ}iUJ?sEpDbo,}zM\"p=zZeQ}iUJ?sEpDbo,}zM\"p=z7№FuR@U?x~7z=o7\\Vzb5S86W^FC", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0241.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Iat-@Lg\"&dC-@>7№FuR@U?x~7z=o7\\Vzb5S86W^FC", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0241.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Iat-@Lg\"&dC-@>7№FuR@U?x~7z=o7\\Vzb5S86W^FC", cchWideChar=41, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Iat-@Lg\"&dC-@>7â\x84\x96FuR@U?x~7z=o7\\Vzb5S86W^FC3©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 43 [0241.278] GetCurrentThreadId () returned 0x1130 [0241.278] GetCurrentThreadId () returned 0x1130 [0241.278] GetCurrentThreadId () returned 0x1130 [0241.278] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.desktopappinstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.278] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [243].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [243].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.278] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [243].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [243].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [243].WANNACASH NCOV v310320") returned 0x7e [0241.278] GetLastError () returned 0x5 [0241.278] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.278] LocalFree (hMem=0x950b30) returned 0x0 [0241.278] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.278] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.278] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.279] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.279] CloseHandle (hObject=0x404) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.279] SetLastError (dwErrCode=0x0) [0241.279] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x86 [0241.279] GetLastError () returned 0x0 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.279] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.280] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.desktopappinstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.280] GetLastError () returned 0x5 [0241.280] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.desktopappinstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.280] SetLastError (dwErrCode=0x5) [0241.280] GetLastError () returned 0x5 [0241.280] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.280] LocalFree (hMem=0x950950) returned 0x0 [0241.280] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.280] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.281] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.desktopappinstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0x20 [0241.281] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33618702397) returned 1 [0241.281] GetCurrentThreadId () returned 0x1130 [0241.281] GetCurrentThreadId () returned 0x1130 [0241.281] GetCurrentThreadId () returned 0x1130 [0241.281] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8&6%++Ob7aZPDK%,\"GC9(FB8W`\"g)№7v)", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0241.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i~Y.9h8~QzW6;1m$!\"=zJRccka*&2mz4t^}Y?OAo>)№7v)", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0241.334] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i~Y.9h8~QzW6;1m$!\"=zJRccka*&2mz4t^}Y?OAo>)№7v)", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i~Y.9h8~QzW6;1m$!\"=zJRccka*&2mz4t^}Y?OAo>)â\x84\x967v)9DJR", lpUsedDefaultChar=0x0) returned 48 [0241.334] GetCurrentThreadId () returned 0x1130 [0241.334] GetCurrentThreadId () returned 0x1130 [0241.334] GetCurrentThreadId () returned 0x1130 [0241.334] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.334] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [255].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [255].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.335] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [255].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [255].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [255].WANNACASH NCOV v310320") returned 0x7e [0241.335] GetLastError () returned 0x5 [0241.335] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.335] LocalFree (hMem=0x950dd0) returned 0x0 [0241.335] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.335] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.335] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.335] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.335] CloseHandle (hObject=0x404) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.336] SetLastError (dwErrCode=0x0) [0241.336] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml") returned 0x7d [0241.336] GetLastError () returned 0x0 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.336] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.336] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.336] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml")) returned 0 [0241.336] GetLastError () returned 0x5 [0241.336] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml")) returned 0x20 [0241.337] SetLastError (dwErrCode=0x5) [0241.337] GetLastError () returned 0x5 [0241.337] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.337] LocalFree (hMem=0x950c50) returned 0x0 [0241.337] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.337] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.338] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.338] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33624385765) returned 1 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/T7dB@33@E%z%V?w@MWhHmSWQco;y", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/T7dB@33@E%z%V?w@MWhHmSWQco;y", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/T7dB@33@E%z%V?w@MWhHmSWQco;y", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/T7dB@33@E%z%V?w@MWhHmSWQco;y246DpS", lpUsedDefaultChar=0x0) returned 29 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] GetCurrentThreadId () returned 0x1130 [0241.338] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.338] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [256].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [256].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.338] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [256].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [256].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [256].WANNACASH NCOV v310320") returned 0x7e [0241.338] GetLastError () returned 0x5 [0241.338] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.338] LocalFree (hMem=0x950950) returned 0x0 [0241.338] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.339] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.339] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.339] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.339] CloseHandle (hObject=0x404) returned 1 [0241.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.340] SetLastError (dwErrCode=0x0) [0241.340] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml") returned 0x6a [0241.340] GetLastError () returned 0x0 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.340] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.340] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.340] GetLastError () returned 0x5 [0241.340] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.340] SetLastError (dwErrCode=0x5) [0241.340] GetLastError () returned 0x5 [0241.340] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.340] LocalFree (hMem=0x950bf0) returned 0x0 [0241.340] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.341] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.341] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoft3dviewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.341] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33624740436) returned 1 [0241.341] GetCurrentThreadId () returned 0x1130 [0241.341] GetCurrentThreadId () returned 0x1130 [0241.341] GetCurrentThreadId () returned 0x1130 [0241.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TkM,4r:Br3\"?mNWNGEM+)N/*RpX3B-Tg^(,E!/=t=q-_f", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TkM,4r:Br3\"?mNWNGEM+)N/*RpX3B-Tg^(,E!/=t=q-_f", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0241.341] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TkM,4r:Br3\"?mNWNGEM+)N/*RpX3B-Tg^(,E!/=t=q-_f", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TkM,4r:Br3\"?mNWNGEM+)N/*RpX3B-Tg^(,E!/=t=q-_f7v)9DJR", lpUsedDefaultChar=0x0) returned 45 [0241.341] GetCurrentThreadId () returned 0x1130 [0241.341] GetCurrentThreadId () returned 0x1130 [0241.342] GetCurrentThreadId () returned 0x1130 [0241.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoft3dviewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [257].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [257].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.342] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [257].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [257].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [257].WANNACASH NCOV v310320") returned 0x7e [0241.342] GetLastError () returned 0x5 [0241.342] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.342] LocalFree (hMem=0x950bf0) returned 0x0 [0241.342] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.342] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.342] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.343] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.343] CloseHandle (hObject=0x404) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.343] SetLastError (dwErrCode=0x0) [0241.343] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x79 [0241.343] GetLastError () returned 0x0 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.343] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.344] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoft3dviewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.344] GetLastError () returned 0x5 [0241.344] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoft3dviewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.344] SetLastError (dwErrCode=0x5) [0241.344] GetLastError () returned 0x5 [0241.344] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.344] LocalFree (hMem=0x9508c0) returned 0x0 [0241.344] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.344] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.345] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoft3dviewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.345] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33625106451) returned 1 [0241.345] GetCurrentThreadId () returned 0x1130 [0241.345] GetCurrentThreadId () returned 0x1130 [0241.345] GetCurrentThreadId () returned 0x1130 [0241.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="sG5)`=GrPvb|kMp`-E&YMpFrnH=3/>Tp6PzePM;~2,cYk+h№mk%", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}u3\"c95p|bra~>>Tp6PzePM;~2,cYk+h№mk%", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}u3\"c95p|bra~>>Tp6PzePM;~2,cYk+h№mk%", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}u3\"c95p|bra~>>Tp6PzePM;~2,cYk+hâ\x84\x96mk%3.©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 42 [0241.417] GetCurrentThreadId () returned 0x1130 [0241.417] GetCurrentThreadId () returned 0x1130 [0241.417] GetCurrentThreadId () returned 0x1130 [0241.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.417] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [267].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [267].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.418] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [267].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [267].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [267].WANNACASH NCOV v310320") returned 0x7e [0241.418] GetLastError () returned 0x5 [0241.418] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.418] LocalFree (hMem=0x9509e0) returned 0x0 [0241.418] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.418] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.418] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.418] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.418] CloseHandle (hObject=0x404) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.419] SetLastError (dwErrCode=0x0) [0241.419] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x8e [0241.419] GetLastError () returned 0x0 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.419] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.419] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.419] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.420] GetLastError () returned 0x5 [0241.420] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.420] SetLastError (dwErrCode=0x5) [0241.420] GetLastError () returned 0x5 [0241.420] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.420] LocalFree (hMem=0x9508c0) returned 0x0 [0241.420] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.420] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.421] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.422] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33632802205) returned 1 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="28QX?VzHL<>_dzUZ2e/,>vC_isF9B", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="28QX?VzHL<>_dzUZ2e/,>vC_isF9B", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.422] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="28QX?VzHL<>_dzUZ2e/,>vC_isF9B", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="28QX?VzHL<>_dzUZ2e/,>vC_isF9B2k>\\)l", lpUsedDefaultChar=0x0) returned 29 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] GetCurrentThreadId () returned 0x1130 [0241.422] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.422] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [268].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [268].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.423] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [268].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [268].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [268].WANNACASH NCOV v310320") returned 0x7e [0241.423] GetLastError () returned 0x5 [0241.423] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.423] LocalFree (hMem=0x9508c0) returned 0x0 [0241.423] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.423] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.423] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.423] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.423] CloseHandle (hObject=0x404) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.424] SetLastError (dwErrCode=0x0) [0241.424] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x80 [0241.424] GetLastError () returned 0x0 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.424] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.424] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.424] GetLastError () returned 0x5 [0241.425] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftsolitairecollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.425] SetLastError (dwErrCode=0x5) [0241.425] GetLastError () returned 0x5 [0241.425] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.425] LocalFree (hMem=0x950a40) returned 0x0 [0241.425] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.425] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.426] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.426] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33633204278) returned 1 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_}I`.aYF>TG\\!}dal|!ci_r3i", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0241.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_}I`.aYF>TG\\!}dal|!ci_r3i", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0241.426] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_}I`.aYF>TG\\!}dal|!ci_r3i", cchWideChar=25, lpMultiByteStr=0x2508420, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_}I`.aYF>TG\\!}dal|!ci_r3i", lpUsedDefaultChar=0x0) returned 25 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] GetCurrentThreadId () returned 0x1130 [0241.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.426] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [269].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [269].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.427] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [269].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [269].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [269].WANNACASH NCOV v310320") returned 0x7e [0241.427] GetLastError () returned 0x5 [0241.427] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.427] LocalFree (hMem=0x950d10) returned 0x0 [0241.427] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.427] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.427] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.428] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.428] CloseHandle (hObject=0x404) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.428] SetLastError (dwErrCode=0x0) [0241.428] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x85 [0241.428] GetLastError () returned 0x0 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.429] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.429] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.429] GetLastError () returned 0x5 [0241.429] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.429] SetLastError (dwErrCode=0x5) [0241.429] GetLastError () returned 0x5 [0241.429] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.429] LocalFree (hMem=0x950a70) returned 0x0 [0241.429] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.430] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.430] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0x20 [0241.430] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33634668783) returned 1 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="I!H`G6<4tqQQpNoRzwTdGQ)`.\"FC\\", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="I!H`G6<4tqQQpNoRzwTdGQ)`.\"FC\\", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.441] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="I!H`G6<4tqQQpNoRzwTdGQ)`.\"FC\\", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="I!H`G6<4tqQQpNoRzwTdGQ)`.\"FC\\2k>\\)l", lpUsedDefaultChar=0x0) returned 29 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] GetCurrentThreadId () returned 0x1130 [0241.441] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.441] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [270].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [270].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.442] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [270].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [270].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [270].WANNACASH NCOV v310320") returned 0x7e [0241.442] GetLastError () returned 0x5 [0241.442] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.442] LocalFree (hMem=0x950a70) returned 0x0 [0241.442] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.442] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.442] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.443] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.443] CloseHandle (hObject=0x404) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.444] SetLastError (dwErrCode=0x0) [0241.444] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml") returned 0x85 [0241.444] GetLastError () returned 0x0 [0241.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.444] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.444] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0 [0241.444] GetLastError () returned 0x5 [0241.444] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0x20 [0241.444] SetLastError (dwErrCode=0x5) [0241.444] GetLastError () returned 0x5 [0241.444] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.444] LocalFree (hMem=0x9508f0) returned 0x0 [0241.444] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.445] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.445] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.microsoftstickynotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.445] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33635161677) returned 1 [0241.446] GetCurrentThreadId () returned 0x1130 [0241.446] GetCurrentThreadId () returned 0x1130 [0241.446] GetCurrentThreadId () returned 0x1130 [0241.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="?bK}#l!|nh~!>\\{`Vk-a\"Z3&&&f>(QE$7(QE$7(QE$7(QE$7;pTbJCZk&3R\"z)Be~Lzv.~nnn{KVZdB", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@vp\"E*2\"n;pTbJCZk&3R\"z)Be~Lzv.~nnn{KVZdB", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.575] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@vp\"E*2\"n;pTbJCZk&3R\"z)Be~Lzv.~nnn{KVZdB", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@vp\"E*2\"n;pTbJCZk&3R\"z)Be~Lzv.~nnn{KVZdBqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0241.575] GetCurrentThreadId () returned 0x1130 [0241.575] GetCurrentThreadId () returned 0x1130 [0241.575] GetCurrentThreadId () returned 0x1130 [0241.575] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.onenote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.576] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [295].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [295].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.576] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [295].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [295].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [295].WANNACASH NCOV v310320") returned 0x7e [0241.576] GetLastError () returned 0x5 [0241.576] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.576] LocalFree (hMem=0x950bf0) returned 0x0 [0241.576] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.576] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.576] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.577] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.577] CloseHandle (hObject=0x404) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.577] SetLastError (dwErrCode=0x0) [0241.577] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x79 [0241.577] GetLastError () returned 0x0 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.577] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.577] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.onenote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.578] GetLastError () returned 0x5 [0241.578] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.onenote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.578] SetLastError (dwErrCode=0x5) [0241.578] GetLastError () returned 0x5 [0241.578] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.578] LocalFree (hMem=0x950bf0) returned 0x0 [0241.578] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.578] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.579] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.580] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33648645062) returned 1 [0241.580] GetCurrentThreadId () returned 0x1130 [0241.580] GetCurrentThreadId () returned 0x1130 [0241.580] GetCurrentThreadId () returned 0x1130 [0241.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P$e.C+GdQX}sa,+|6s!Lv_BW.twd|oN~9", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.580] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P$e.C+GdQX}sa,+|6s!Lv_BW.twd|oN~9", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P$e.C+GdQX}sa,+|6s!Lv_BW.twd|oN~9", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="P$e.C+GdQX}sa,+|6s!Lv_BW.twd|oN~9OOy\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0241.581] GetCurrentThreadId () returned 0x1130 [0241.581] GetCurrentThreadId () returned 0x1130 [0241.581] GetCurrentThreadId () returned 0x1130 [0241.581] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.581] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [296].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [296].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.581] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [296].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [296].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [296].WANNACASH NCOV v310320") returned 0x7e [0241.581] GetLastError () returned 0x5 [0241.581] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.581] LocalFree (hMem=0x9509e0) returned 0x0 [0241.581] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.581] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.581] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.582] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.582] CloseHandle (hObject=0x404) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.582] SetLastError (dwErrCode=0x0) [0241.582] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml") returned 0x6f [0241.582] GetLastError () returned 0x0 [0241.582] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.583] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.583] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.583] GetLastError () returned 0x5 [0241.583] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_17.6216.20251.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.583] SetLastError (dwErrCode=0x5) [0241.583] GetLastError () returned 0x5 [0241.583] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.583] LocalFree (hMem=0x950a70) returned 0x0 [0241.583] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.584] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.584] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.585] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33649085614) returned 1 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_S&%+C!y}_dTEb7^V-Ny6WYU},LjZUw\"GNHs", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_S&%+C!y}_dTEb7^V-Ny6WYU},LjZUw\"GNHs", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.585] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_S&%+C!y}_dTEb7^V-Ny6WYU},LjZUw\"GNHs", cchWideChar=44, lpMultiByteStr=0x2525040, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_S&%+C!y}_dTEb7^V-Ny6WYU},LjZUw\"GNHs©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 44 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] GetCurrentThreadId () returned 0x1130 [0241.585] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.585] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [297].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [297].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.585] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [297].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [297].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [297].WANNACASH NCOV v310320") returned 0x7e [0241.585] GetLastError () returned 0x5 [0241.585] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ୠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.585] LocalFree (hMem=0x950b60) returned 0x0 [0241.585] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.586] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.586] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.586] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.586] CloseHandle (hObject=0x404) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.587] SetLastError (dwErrCode=0x0) [0241.587] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x76 [0241.587] GetLastError () returned 0x0 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.588] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.588] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.588] GetLastError () returned 0x5 [0241.588] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.office.sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.588] SetLastError (dwErrCode=0x5) [0241.588] GetLastError () returned 0x5 [0241.588] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.588] LocalFree (hMem=0x950a40) returned 0x0 [0241.588] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.589] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.589] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.oneconnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.589] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33649521161) returned 1 [0241.589] GetCurrentThreadId () returned 0x1130 [0241.589] GetCurrentThreadId () returned 0x1130 [0241.589] GetCurrentThreadId () returned 0x1130 [0241.589] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Cb8w=jA", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0241.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="csTT*P^k&VM^TCB.R{QK%j&_w\"-bSXR/Eb>8w=jA", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0241.726] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="csTT*P^k&VM^TCB.R{QK%j&_w\"-bSXR/Eb>8w=jA", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csTT*P^k&VM^TCB.R{QK%j&_w\"-bSXR/Eb>8w=jAl)Gc©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 40 [0241.726] GetCurrentThreadId () returned 0x1130 [0241.726] GetCurrentThreadId () returned 0x1130 [0241.726] GetCurrentThreadId () returned 0x1130 [0241.726] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.726] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [320].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [320].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.726] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [320].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [320].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [320].WANNACASH NCOV v310320") returned 0x7e [0241.726] GetLastError () returned 0x5 [0241.726] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ะ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.727] LocalFree (hMem=0x950e30) returned 0x0 [0241.727] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.727] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.727] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.727] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.728] CloseHandle (hObject=0x404) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.728] SetLastError (dwErrCode=0x0) [0241.728] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml") returned 0x6e [0241.728] GetLastError () returned 0x0 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.728] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.728] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.729] GetLastError () returned 0x5 [0241.729] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.729] SetLastError (dwErrCode=0x5) [0241.729] GetLastError () returned 0x5 [0241.729] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.729] LocalFree (hMem=0x950b30) returned 0x0 [0241.729] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.730] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.730] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.22929.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.22929.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.730] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33663638940) returned 1 [0241.730] GetCurrentThreadId () returned 0x1130 [0241.730] GetCurrentThreadId () returned 0x1130 [0241.730] GetCurrentThreadId () returned 0x1130 [0241.730] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",2Q%", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0241.734] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CCqYRB/)N}On(,j@i(XlSW6XY@k@P*g№dj1yc@kIt>,2Q%", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0241.734] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CCqYRB/)N}On(,j@i(XlSW6XY@k@P*g№dj1yc@kIt>,2Q%", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CCqYRB/)N}On(,j@i(XlSW6XY@k@P*gâ\x84\x96dj1yc@kIt>,2Q%E=^R", lpUsedDefaultChar=0x0) returned 48 [0241.734] GetCurrentThreadId () returned 0x1130 [0241.734] GetCurrentThreadId () returned 0x1130 [0241.734] GetCurrentThreadId () returned 0x1130 [0241.734] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.734] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [322].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [322].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.735] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [322].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [322].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [322].WANNACASH NCOV v310320") returned 0x7e [0241.735] GetLastError () returned 0x5 [0241.735] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.735] LocalFree (hMem=0x950e00) returned 0x0 [0241.735] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.735] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.735] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.735] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.735] CloseHandle (hObject=0x404) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.736] SetLastError (dwErrCode=0x0) [0241.736] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml") returned 0x6e [0241.736] GetLastError () returned 0x0 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.736] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.736] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.736] GetLastError () returned 0x5 [0241.736] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.736] SetLastError (dwErrCode=0x5) [0241.736] GetLastError () returned 0x5 [0241.737] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.737] LocalFree (hMem=0x9508c0) returned 0x0 [0241.737] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.737] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.737] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.737] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33664362933) returned 1 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l_>u6f1mF:Zf7?V3IL3pC6eLr№E%1I$U$>fVc$eV6a", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l_>u6f1mF:Zf7?V3IL3pC6eLr№E%1I$U$>fVc$eV6a", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.738] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l_>u6f1mF:Zf7?V3IL3pC6eLr№E%1I$U$>fVc$eV6a", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="l_>u6f1mF:Zf7?V3IL3pC6eLrâ\x84\x96E%1I$U$>fVc$eV6aqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] GetCurrentThreadId () returned 0x1130 [0241.738] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.738] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [323].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [323].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.738] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [323].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [323].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [323].WANNACASH NCOV v310320") returned 0x7e [0241.738] GetLastError () returned 0x5 [0241.738] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.738] LocalFree (hMem=0x950a70) returned 0x0 [0241.738] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.738] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.739] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.739] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.739] CloseHandle (hObject=0x404) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.739] SetLastError (dwErrCode=0x0) [0241.739] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml") returned 0x6e [0241.740] GetLastError () returned 0x0 [0241.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.740] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.740] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.740] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml")) returned 0 [0241.740] GetLastError () returned 0x5 [0241.740] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.vclibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml")) returned 0x20 [0241.740] SetLastError (dwErrCode=0x5) [0241.740] GetLastError () returned 0x5 [0241.740] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.740] LocalFree (hMem=0x9509e0) returned 0x0 [0241.740] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.741] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.741] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.741] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33664727202) returned 1 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i~id:6!>KuE6r&Rm@S4Gh?3=i", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0241.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i~id:6!>KuE6r&Rm@S4Gh?3=i", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0241.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i~id:6!>KuE6r&Rm@S4Gh?3=i", cchWideChar=25, lpMultiByteStr=0x2508420, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i~id:6!>KuE6r&Rm@S4Gh?3=i", lpUsedDefaultChar=0x0) returned 25 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] GetCurrentThreadId () returned 0x1130 [0241.741] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.742] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [324].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [324].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.742] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [324].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [324].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [324].WANNACASH NCOV v310320") returned 0x7e [0241.742] GetLastError () returned 0x5 [0241.742] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.742] LocalFree (hMem=0x9508c0) returned 0x0 [0241.742] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.742] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.742] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.742] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.743] CloseHandle (hObject=0x404) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.743] SetLastError (dwErrCode=0x0) [0241.743] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6b [0241.743] GetLastError () returned 0x0 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.743] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.743] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.744] GetLastError () returned 0x5 [0241.744] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.744] SetLastError (dwErrCode=0x5) [0241.744] GetLastError () returned 0x5 [0241.744] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.744] LocalFree (hMem=0x950a40) returned 0x0 [0241.744] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.754] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.754] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.754] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33666054826) returned 1 [0241.754] GetCurrentThreadId () returned 0x1130 [0241.755] GetCurrentThreadId () returned 0x1130 [0241.755] GetCurrentThreadId () returned 0x1130 [0241.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!@1.HGbuUDgF;43/!%gF№\\?2nk", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!@1.HGbuUDgF;43/!%gF№\\?2nk", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.755] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!@1.HGbuUDgF;43/!%gF№\\?2nk", cchWideChar=26, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="!@1.HGbuUDgF;43/!%gFâ\x84\x96\\?2nk\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0241.755] GetCurrentThreadId () returned 0x1130 [0241.755] GetCurrentThreadId () returned 0x1130 [0241.755] GetCurrentThreadId () returned 0x1130 [0241.755] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.755] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [325].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [325].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.755] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [325].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [325].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [325].WANNACASH NCOV v310320") returned 0x7e [0241.755] GetLastError () returned 0x5 [0241.755] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.755] LocalFree (hMem=0x950b30) returned 0x0 [0241.755] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.755] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.756] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.756] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.756] CloseHandle (hObject=0x404) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.757] SetLastError (dwErrCode=0x0) [0241.757] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml") returned 0x66 [0241.757] GetLastError () returned 0x0 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.757] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.757] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.758] GetLastError () returned 0x5 [0241.758] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.758] SetLastError (dwErrCode=0x5) [0241.758] GetLastError () returned 0x5 [0241.758] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.758] LocalFree (hMem=0x950d10) returned 0x0 [0241.758] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.758] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.759] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.apprep.chxapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.760] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33666585148) returned 1 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}tk6+8JjF.gtJwbn4<-№%>S1}.", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}tk6+8JjF.gtJwbn4<-№%>S1}.", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.760] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}tk6+8JjF.gtJwbn4<-№%>S1}.", cchWideChar=26, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}tk6+8JjF.gtJwbn4<-â\x84\x96%>S1}.\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] GetCurrentThreadId () returned 0x1130 [0241.760] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.apprep.chxapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.760] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [326].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [326].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.761] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [326].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [326].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [326].WANNACASH NCOV v310320") returned 0x7e [0241.761] GetLastError () returned 0x5 [0241.761] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.761] LocalFree (hMem=0x950a40) returned 0x0 [0241.761] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.761] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.761] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.762] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.762] CloseHandle (hObject=0x404) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.762] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.763] SetLastError (dwErrCode=0x0) [0241.763] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x83 [0241.763] GetLastError () returned 0x0 [0241.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.763] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.763] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.763] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.apprep.chxapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0241.763] GetLastError () returned 0x5 [0241.763] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.apprep.chxapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.764] SetLastError (dwErrCode=0x5) [0241.764] GetLastError () returned 0x5 [0241.764] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.764] LocalFree (hMem=0x9509e0) returned 0x0 [0241.764] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.765] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.765] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.assignedaccesslockapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.766] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33667174782) returned 1 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!i_\\%;-ejS|IK:+348*-t7l!#JMA77+3QZYu#4N\\O", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0241.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!i_\\%;-ejS|IK:+348*-t7l!#JMA77+3QZYu#4N\\O", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0241.766] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!i_\\%;-ejS|IK:+348*-t7l!#JMA77+3QZYu#4N\\O", cchWideChar=41, lpMultiByteStr=0x2525040, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="!i_\\%;-ejS|IK:+348*-t7l!#JMA77+3QZYu#4N\\O)Gc©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 41 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] GetCurrentThreadId () returned 0x1130 [0241.766] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.assignedaccesslockapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.766] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [327].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [327].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.766] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [327].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [327].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [327].WANNACASH NCOV v310320") returned 0x7e [0241.767] GetLastError () returned 0x5 [0241.767] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.767] LocalFree (hMem=0x950a70) returned 0x0 [0241.767] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.767] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.767] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.767] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.768] CloseHandle (hObject=0x404) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.768] SetLastError (dwErrCode=0x0) [0241.768] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x8b [0241.768] GetLastError () returned 0x0 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.768] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.769] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.assignedaccesslockapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0241.769] GetLastError () returned 0x5 [0241.769] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.assignedaccesslockapp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.769] SetLastError (dwErrCode=0x5) [0241.769] GetLastError () returned 0x5 [0241.769] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.769] LocalFree (hMem=0x9509e0) returned 0x0 [0241.769] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.770] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.771] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.cloudexperiencehost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.771] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33667715435) returned 1 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#>%sug5%?FT\"~c4V*#}DmRn{_№w", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#>%sug5%?FT\"~c4V*#}DmRn{_№w", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#>%sug5%?FT\"~c4V*#}DmRn{_№w", cchWideChar=27, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="#>%sug5%?FT\"~c4V*#}DmRn{_â\x84\x96wjEp(E4d\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 29 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.771] GetCurrentThreadId () returned 0x1130 [0241.772] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.cloudexperiencehost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.772] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [328].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [328].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.772] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [328].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [328].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [328].WANNACASH NCOV v310320") returned 0x7e [0241.772] GetLastError () returned 0x5 [0241.772] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.772] LocalFree (hMem=0x950a70) returned 0x0 [0241.772] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.772] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.772] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.773] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.773] CloseHandle (hObject=0x404) returned 1 [0241.773] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.773] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.773] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.774] SetLastError (dwErrCode=0x0) [0241.774] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x87 [0241.774] GetLastError () returned 0x0 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.774] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.774] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.cloudexperiencehost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0241.776] GetLastError () returned 0x5 [0241.776] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.cloudexperiencehost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.776] SetLastError (dwErrCode=0x5) [0241.776] GetLastError () returned 0x5 [0241.776] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.776] LocalFree (hMem=0x9509e0) returned 0x0 [0241.776] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.777] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.777] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.contentdeliverymanager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.778] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33668370991) returned 1 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ar|IQ(nd(~er@,3f&wsHw8VSLdc-^6PNeZqta", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0241.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ar|IQ(nd(~er@,3f&wsHw8VSLdc-^6PNeZqta", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0241.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ar|IQ(nd(~er@,3f&wsHw8VSLdc-^6PNeZqta", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ar|IQ(nd(~er@,3f&wsHw8VSLdc-^6PNeZqta", lpUsedDefaultChar=0x0) returned 37 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] GetCurrentThreadId () returned 0x1130 [0241.778] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.contentdeliverymanager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.778] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [329].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [329].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.778] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [329].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [329].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [329].WANNACASH NCOV v310320") returned 0x7e [0241.778] GetLastError () returned 0x5 [0241.778] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.779] LocalFree (hMem=0x950b90) returned 0x0 [0241.779] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.779] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.779] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.779] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.779] CloseHandle (hObject=0x404) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.780] SetLastError (dwErrCode=0x0) [0241.780] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x8a [0241.780] GetLastError () returned 0x0 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.780] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.780] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.contentdeliverymanager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0241.781] GetLastError () returned 0x5 [0241.781] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.contentdeliverymanager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.781] SetLastError (dwErrCode=0x5) [0241.781] GetLastError () returned 0x5 [0241.781] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ീ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.781] LocalFree (hMem=0x950d40) returned 0x0 [0241.781] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.782] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.782] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.782] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33668832855) returned 1 [0241.782] GetCurrentThreadId () returned 0x1130 [0241.782] GetCurrentThreadId () returned 0x1130 [0241.782] GetCurrentThreadId () returned 0x1130 [0241.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"f5Z/5:ph№4№45B|2DZ5{m6;NF|8FGu-N&6Ps+jt?R4E", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0241.789] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\/)F\"Sql6kEf&=U7kJN!r_N4|lpV5nbk,/WtHq>?R4E", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0241.789] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\/)F\"Sql6kEf&=U7kJN!r_N4|lpV5nbk,/WtHq>?R4E", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\/)F\"Sql6kEf&=U7kJN!r_N4|lpV5nbk,/WtHq>?R4Ec©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 43 [0241.789] GetCurrentThreadId () returned 0x1130 [0241.789] GetCurrentThreadId () returned 0x1130 [0241.789] GetCurrentThreadId () returned 0x1130 [0241.789] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.789] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [331].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [331].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.789] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [331].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [331].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [331].WANNACASH NCOV v310320") returned 0x7e [0241.789] GetLastError () returned 0x5 [0241.789] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.789] LocalFree (hMem=0x950a10) returned 0x0 [0241.789] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.789] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.790] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.800] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.800] CloseHandle (hObject=0x404) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.800] SetLastError (dwErrCode=0x0) [0241.800] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x87 [0241.800] GetLastError () returned 0x0 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.800] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.801] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.801] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.801] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0241.801] GetLastError () returned 0x5 [0241.801] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.801] SetLastError (dwErrCode=0x5) [0241.801] GetLastError () returned 0x5 [0241.801] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.801] LocalFree (hMem=0x950950) returned 0x0 [0241.801] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.802] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.802] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0241.803] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33670873249) returned 1 [0241.803] GetCurrentThreadId () returned 0x1130 [0241.803] GetCurrentThreadId () returned 0x1130 [0241.803] GetCurrentThreadId () returned 0x1130 [0241.803] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="bzsVEvS?=@#;\"&W_JH$ft+.@h\"?*?jb9/+!RjIMn!TdLTL=", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0241.827] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$ft+.@h\"?*?jb9/+!RjIMn!TdLTL=", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$ft+.@h\"?*?jb9/+!RjIMn!TdLTL=qPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0241.827] GetCurrentThreadId () returned 0x1130 [0241.827] GetCurrentThreadId () returned 0x1130 [0241.827] GetCurrentThreadId () returned 0x1130 [0241.827] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.828] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [337].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [337].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.828] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [337].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [337].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [337].WANNACASH NCOV v310320") returned 0x7e [0241.828] GetLastError () returned 0x5 [0241.828] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.828] LocalFree (hMem=0x950c50) returned 0x0 [0241.828] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.828] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.828] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.829] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.829] CloseHandle (hObject=0x404) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.829] SetLastError (dwErrCode=0x0) [0241.829] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x83 [0241.829] GetLastError () returned 0x0 [0241.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.830] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.830] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.830] GetLastError () returned 0x5 [0241.830] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.830] SetLastError (dwErrCode=0x5) [0241.830] GetLastError () returned 0x5 [0241.830] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.830] LocalFree (hMem=0x9509e0) returned 0x0 [0241.830] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.831] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.831] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.831] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33673758577) returned 1 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TA^puP@+G`RU_l4;^$w)OiV7EviiN", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TA^puP@+G`RU_l4;^$w)OiV7EviiN", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.832] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TA^puP@+G`RU_l4;^$w)OiV7EviiN", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TA^puP@+G`RU_l4;^$w)OiV7EviiNjEp(E4d\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 29 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] GetCurrentThreadId () returned 0x1130 [0241.832] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.832] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [338].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [338].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.832] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [338].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [338].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [338].WANNACASH NCOV v310320") returned 0x7e [0241.832] GetLastError () returned 0x5 [0241.832] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.832] LocalFree (hMem=0x9508f0) returned 0x0 [0241.832] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.832] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.833] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.833] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.833] CloseHandle (hObject=0x404) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.834] SetLastError (dwErrCode=0x0) [0241.834] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml") returned 0x70 [0241.834] GetLastError () returned 0x0 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.834] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.834] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0241.834] GetLastError () returned 0x5 [0241.834] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0241.835] SetLastError (dwErrCode=0x5) [0241.835] GetLastError () returned 0x5 [0241.835] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.835] LocalFree (hMem=0x950c50) returned 0x0 [0241.835] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.835] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.836] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.836] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33674200485) returned 1 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rQn.w4{,sr_jLC{6Ag#2-OU>u9$(", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rQn.w4{,sr_jLC{6Ag#2-OU>u9$(", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="rQn.w4{,sr_jLC{6Ag#2-OU>u9$(", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rQn.w4{,sr_jLC{6Ag#2-OU>u9$(\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] GetCurrentThreadId () returned 0x1130 [0241.836] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.836] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [339].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [339].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.837] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [339].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [339].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [339].WANNACASH NCOV v310320") returned 0x7e [0241.839] GetLastError () returned 0x5 [0241.839] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.839] LocalFree (hMem=0x950950) returned 0x0 [0241.839] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.839] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.840] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.840] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.840] CloseHandle (hObject=0x404) returned 1 [0241.840] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.841] SetLastError (dwErrCode=0x0) [0241.841] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x79 [0241.841] GetLastError () returned 0x0 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.841] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.841] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.841] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.841] GetLastError () returned 0x5 [0241.842] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2015.1001.17200.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.842] SetLastError (dwErrCode=0x5) [0241.842] GetLastError () returned 0x5 [0241.842] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.842] LocalFree (hMem=0x950b90) returned 0x0 [0241.842] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.842] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.843] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.843] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33674906956) returned 1 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%7GB№S{wwUp;zW6_sH/\"~l``Q,h~EV\"", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%7GB№S{wwUp;zW6_sH/\"~l``Q,h~EV\"", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%7GB№S{wwUp;zW6_sH/\"~l``Q,h~EV\"", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="%7GBâ\x84\x96S{wwUp;zW6_sH/\"~l``Q,h~EV\"E4d\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] GetCurrentThreadId () returned 0x1130 [0241.843] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.844] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [340].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [340].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.844] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [340].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [340].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [340].WANNACASH NCOV v310320") returned 0x7e [0241.844] GetLastError () returned 0x5 [0241.844] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.844] LocalFree (hMem=0x9509e0) returned 0x0 [0241.844] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.844] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.844] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.845] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.845] CloseHandle (hObject=0x404) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.845] SetLastError (dwErrCode=0x0) [0241.845] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x77 [0241.845] GetLastError () returned 0x0 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.846] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.846] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.846] GetLastError () returned 0x5 [0241.846] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.846] SetLastError (dwErrCode=0x5) [0241.846] GetLastError () returned 0x5 [0241.846] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.846] LocalFree (hMem=0x950c50) returned 0x0 [0241.846] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.847] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.847] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.847] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33675363428) returned 1 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2v?u<:DRNYbXk?scUPimc^Iz>d{MY|I*1", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2v?u<:DRNYbXk?scUPimc^Iz>d{MY|I*1", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0241.848] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2v?u<:DRNYbXk?scUPimc^Iz>d{MY|I*1", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2v?u<:DRNYbXk?scUPimc^Iz>d{MY|I*1E4d\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] GetCurrentThreadId () returned 0x1130 [0241.848] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.848] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [341].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [341].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.848] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [341].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [341].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [341].WANNACASH NCOV v310320") returned 0x7e [0241.848] GetLastError () returned 0x5 [0241.848] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.848] LocalFree (hMem=0x950c50) returned 0x0 [0241.848] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.848] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.849] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.849] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.849] CloseHandle (hObject=0x404) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.850] SetLastError (dwErrCode=0x0) [0241.850] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml") returned 0x78 [0241.850] GetLastError () returned 0x0 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.850] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.850] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.850] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0 [0241.851] GetLastError () returned 0x5 [0241.851] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.851] SetLastError (dwErrCode=0x5) [0241.851] GetLastError () returned 0x5 [0241.851] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.851] LocalFree (hMem=0x950da0) returned 0x0 [0241.851] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.851] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.852] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.secondarytileexperience_10.0.0.0_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.852] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33675829883) returned 1 [0241.852] GetCurrentThreadId () returned 0x1130 [0241.852] GetCurrentThreadId () returned 0x1130 [0241.852] GetCurrentThreadId () returned 0x1130 [0241.852] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S>,)RQz>4dMcv+me#/X~zI№C|-MS*", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\":8TK^^S?2lm*>)RQz>4dMcv+me#/X~zI№C|-MS*", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0241.867] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\":8TK^^S?2lm*>)RQz>4dMcv+me#/X~zI№C|-MS*", cchWideChar=40, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\":8TK^^S?2lm*>)RQz>4dMcv+me#/X~zIâ\x84\x96C|-MS*L=qPR\x02\x01", lpUsedDefaultChar=0x0) returned 42 [0241.867] GetCurrentThreadId () returned 0x1130 [0241.867] GetCurrentThreadId () returned 0x1130 [0241.867] GetCurrentThreadId () returned 0x1130 [0241.867] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.windowpicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.867] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [345].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [345].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.867] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [345].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [345].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [345].WANNACASH NCOV v310320") returned 0x7e [0241.867] GetLastError () returned 0x5 [0241.867] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.867] LocalFree (hMem=0x950bf0) returned 0x0 [0241.867] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.867] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.868] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.869] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.869] CloseHandle (hObject=0x404) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.870] SetLastError (dwErrCode=0x0) [0241.870] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml") returned 0x7b [0241.870] GetLastError () returned 0x0 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0241.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0241.870] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.870] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.windowpicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml")) returned 0 [0241.871] GetLastError () returned 0x5 [0241.871] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.Windows.WindowPicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windows.windowpicker_10.0.15063.332_neutral__cw5n1h2txyewy.xml")) returned 0x20 [0241.871] SetLastError (dwErrCode=0x5) [0241.871] GetLastError () returned 0x5 [0241.871] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.871] LocalFree (hMem=0x950e00) returned 0x0 [0241.871] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.872] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.872] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsalarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.876] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33678210172) returned 1 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U<`#N9hxi\"ht9s^^~`swB{j4Cp", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0241.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U<`#N9hxi\"ht9s^^~`swB{j4Cp", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0241.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U<`#N9hxi\"ht9s^^~`swB{j4Cp", cchWideChar=26, lpMultiByteStr=0x2508420, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="U<`#N9hxi\"ht9s^^~`swB{j4Cp", lpUsedDefaultChar=0x0) returned 26 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] GetCurrentThreadId () returned 0x1130 [0241.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsalarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.877] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [346].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [346].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.877] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [346].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [346].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [346].WANNACASH NCOV v310320") returned 0x7e [0241.877] GetLastError () returned 0x5 [0241.877] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.877] LocalFree (hMem=0x9509e0) returned 0x0 [0241.877] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.877] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.877] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.878] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.878] CloseHandle (hObject=0x404) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.878] SetLastError (dwErrCode=0x0) [0241.878] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x84 [0241.878] GetLastError () returned 0x0 [0241.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.879] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.879] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsalarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.879] GetLastError () returned 0x5 [0241.879] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsalarms_10.1510.12020.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.879] SetLastError (dwErrCode=0x5) [0241.879] GetLastError () returned 0x5 [0241.879] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ീ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.879] LocalFree (hMem=0x950d40) returned 0x0 [0241.879] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.880] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.880] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsalarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.881] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33678676897) returned 1 [0241.881] GetCurrentThreadId () returned 0x1130 [0241.881] GetCurrentThreadId () returned 0x1130 [0241.881] GetCurrentThreadId () returned 0x1130 [0241.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+r;33VBaFu1_#7wIAjJ5C?:$(KE`<", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+r;33VBaFu1_#7wIAjJ5C?:$(KE`<", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0241.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+r;33VBaFu1_#7wIAjJ5C?:$(KE`<", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="+r;33VBaFu1_#7wIAjJ5C?:$(KE`j;Q!Kvj", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4$-lmq($Y\"<j;Q!Kvj", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0241.988] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4$-lmq($Y\"<j;Q!Kvj", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4$-lmq($Y\"<j;Q!Kvj\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0241.988] GetCurrentThreadId () returned 0x1130 [0241.988] GetCurrentThreadId () returned 0x1130 [0241.988] GetCurrentThreadId () returned 0x1130 [0241.988] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.988] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [358].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [358].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.989] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [358].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [358].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [358].WANNACASH NCOV v310320") returned 0x7e [0241.989] GetLastError () returned 0x5 [0241.989] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0241.989] LocalFree (hMem=0x950da0) returned 0x0 [0241.989] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.989] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.989] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.990] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.990] CloseHandle (hObject=0x404) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.990] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.990] SetLastError (dwErrCode=0x0) [0241.990] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x83 [0241.990] GetLastError () returned 0x0 [0241.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.991] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.991] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0241.991] GetLastError () returned 0x5 [0241.991] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0241.992] SetLastError (dwErrCode=0x5) [0241.992] GetLastError () returned 0x5 [0241.992] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ૐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.992] LocalFree (hMem=0x950ad0) returned 0x0 [0241.992] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.992] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.993] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.993] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33689937934) returned 1 [0241.993] GetCurrentThreadId () returned 0x1130 [0241.993] GetCurrentThreadId () returned 0x1130 [0241.993] GetCurrentThreadId () returned 0x1130 [0241.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rwd,2p}CC82vP,&3X`+&+}tGsZHFZZ#V", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0241.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rwd,2p}CC82vP,&3X`+&+}tGsZHFZZ#V", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0241.993] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Rwd,2p}CC82vP,&3X`+&+}tGsZHFZZ#V", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Rwd,2p}CC82vP,&3X`+&+}tGsZHFZZ#V;I?d\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 32 [0241.994] GetCurrentThreadId () returned 0x1130 [0241.994] GetCurrentThreadId () returned 0x1130 [0241.994] GetCurrentThreadId () returned 0x1130 [0241.994] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.994] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [359].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [359].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.994] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [359].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [359].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [359].WANNACASH NCOV v310320") returned 0x7e [0241.994] GetLastError () returned 0x5 [0241.994] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="๠\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0241.994] LocalFree (hMem=0x950e60) returned 0x0 [0241.994] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.994] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0241.995] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.995] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0241.995] CloseHandle (hObject=0x404) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.996] SetLastError (dwErrCode=0x0) [0241.996] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x75 [0241.996] GetLastError () returned 0x0 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0241.996] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0241.996] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0241.996] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0241.996] GetLastError () returned 0x5 [0241.996] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2015.1071.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.997] SetLastError (dwErrCode=0x5) [0241.997] GetLastError () returned 0x5 [0241.997] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0241.997] LocalFree (hMem=0x950b90) returned 0x0 [0241.997] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0241.997] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0241.998] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0241.998] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33690432150) returned 1 [0241.998] GetCurrentThreadId () returned 0x1130 [0241.998] GetCurrentThreadId () returned 0x1130 [0241.998] GetCurrentThreadId () returned 0x1130 [0241.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(j@L!3SV@5qXQCam!O4;P5>WeL&", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0241.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(j@L!3SV@5qXQCam!O4;P5>WeL&", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0241.998] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(j@L!3SV@5qXQCam!O4;P5>WeL&", cchWideChar=27, lpMultiByteStr=0x2508420, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(j@L!3SV@5qXQCam!O4;P5>WeL&", lpUsedDefaultChar=0x0) returned 27 [0241.998] GetCurrentThreadId () returned 0x1130 [0241.999] GetCurrentThreadId () returned 0x1130 [0241.999] GetCurrentThreadId () returned 0x1130 [0241.999] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0241.999] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [360].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [360].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0241.999] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [360].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [360].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [360].WANNACASH NCOV v310320") returned 0x7e [0241.999] GetLastError () returned 0x5 [0241.999] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0241.999] LocalFree (hMem=0x950d10) returned 0x0 [0241.999] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0241.999] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.000] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.000] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.000] CloseHandle (hObject=0x404) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.001] SetLastError (dwErrCode=0x0) [0242.001] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x74 [0242.001] GetLastError () returned 0x0 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.001] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.001] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.002] GetLastError () returned 0x5 [0242.002] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.002] SetLastError (dwErrCode=0x5) [0242.002] GetLastError () returned 0x5 [0242.002] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.002] LocalFree (hMem=0x950b30) returned 0x0 [0242.002] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.002] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.003] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.003] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33690923364) returned 1 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FHXXg\"Tx#3FRgyXr;oolHl`(=+f", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0242.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FHXXg\"Tx#3FRgyXr;oolHl`(=+f", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0242.003] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FHXXg\"Tx#3FRgyXr;oolHl`(=+f", cchWideChar=27, lpMultiByteStr=0x2508420, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FHXXg\"Tx#3FRgyXr;oolHl`(=+f", lpUsedDefaultChar=0x0) returned 27 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.003] GetCurrentThreadId () returned 0x1130 [0242.004] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.004] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [361].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [361].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.004] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [361].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [361].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [361].WANNACASH NCOV v310320") returned 0x7e [0242.004] GetLastError () returned 0x5 [0242.004] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.004] LocalFree (hMem=0x950ce0) returned 0x0 [0242.004] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.004] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.004] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.005] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.005] CloseHandle (hObject=0x404) returned 1 [0242.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.005] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.006] SetLastError (dwErrCode=0x0) [0242.006] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml") returned 0x6f [0242.006] GetLastError () returned 0x0 [0242.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.006] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.006] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.006] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0242.006] GetLastError () returned 0x5 [0242.006] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.006] SetLastError (dwErrCode=0x5) [0242.006] GetLastError () returned 0x5 [0242.006] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.007] LocalFree (hMem=0x950dd0) returned 0x0 [0242.007] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.007] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.008] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.008] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33691406125) returned 1 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9EFs&cILBW;%eZ&$)*t$6J%_{Q>$`MvG){4cqq+RBs~dw", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9EFs&cILBW;%eZ&$)*t$6J%_{Q>$`MvG){4cqq+RBs~dw", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.008] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9EFs&cILBW;%eZ&$)*t$6J%_{Q>$`MvG){4cqq+RBs~dw", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9EFs&cILBW;%eZ&$)*t$6J%_{Q>$`MvG){4cqq+RBs~dwEKaMw^R", lpUsedDefaultChar=0x0) returned 45 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] GetCurrentThreadId () returned 0x1130 [0242.008] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.009] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [362].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [362].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.009] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [362].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [362].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [362].WANNACASH NCOV v310320") returned 0x7e [0242.009] GetLastError () returned 0x5 [0242.009] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.009] LocalFree (hMem=0x950da0) returned 0x0 [0242.009] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.009] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.010] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.010] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.010] CloseHandle (hObject=0x404) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.011] SetLastError (dwErrCode=0x0) [0242.011] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml") returned 0x7d [0242.011] GetLastError () returned 0x0 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.011] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.011] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0242.011] GetLastError () returned 0x5 [0242.012] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.012] SetLastError (dwErrCode=0x5) [0242.012] GetLastError () returned 0x5 [0242.012] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.012] LocalFree (hMem=0x950dd0) returned 0x0 [0242.012] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.012] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.013] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\microsoft.windowscommunicationsapps_2015.6308.42271.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowscommunicationsapps_2015.6308.42271.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.013] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33691912073) returned 1 [0242.013] GetCurrentThreadId () returned 0x1130 [0242.013] GetCurrentThreadId () returned 0x1130 [0242.013] GetCurrentThreadId () returned 0x1130 [0242.013] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",eS9>>1zLOq}\")=u665VqwGN(,w,=u665VqwGN(,w,=u665VqwGN(,w,=u665VqwGN(,w,TFtGK7k;5*d?UCHr}l{n", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El^lHA(%`y№w\"|MSD\"(vT>TFtGK7k;5*d?UCHr}l{n", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.156] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="El^lHA(%`y№w\"|MSD\"(vT>TFtGK7k;5*d?UCHr}l{n", cchWideChar=42, lpMultiByteStr=0x2525040, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="El^lHA(%`yâ\x84\x96w\"|MSD\"(vT>TFtGK7k;5*d?UCHr}l{n©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 44 [0242.156] GetCurrentThreadId () returned 0x1130 [0242.156] GetCurrentThreadId () returned 0x1130 [0242.157] GetCurrentThreadId () returned 0x1130 [0242.157] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.157] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [379].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [379].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.157] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [379].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [379].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [379].WANNACASH NCOV v310320") returned 0x7e [0242.157] GetLastError () returned 0x5 [0242.157] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.157] LocalFree (hMem=0x950b30) returned 0x0 [0242.157] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.157] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.157] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.158] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.158] CloseHandle (hObject=0x404) returned 1 [0242.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.158] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.159] SetLastError (dwErrCode=0x0) [0242.159] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml") returned 0x76 [0242.159] GetLastError () returned 0x0 [0242.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.159] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.159] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.159] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0242.159] GetLastError () returned 0x5 [0242.159] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.159] SetLastError (dwErrCode=0x5) [0242.159] GetLastError () returned 0x5 [0242.159] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.160] LocalFree (hMem=0x9508c0) returned 0x0 [0242.160] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.160] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.160] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.161] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33706676069) returned 1 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ll5KV&RXcUFqe8!cc№Uq)Y=_m/`KARJMz-lwD(d9(p8№k", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ll5KV&RXcUFqe8!cc№Uq)Y=_m/`KARJMz-lwD(d9(p8№k", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.161] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Ll5KV&RXcUFqe8!cc№Uq)Y=_m/`KARJMz-lwD(d9(p8№k", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Ll5KV&RXcUFqe8!ccâ\x84\x96Uq)Y=_m/`KARJMz-lwD(d9(p8â\x84\x96kw^R", lpUsedDefaultChar=0x0) returned 49 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] GetCurrentThreadId () returned 0x1130 [0242.161] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.161] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [380].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [380].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.162] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [380].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [380].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [380].WANNACASH NCOV v310320") returned 0x7e [0242.162] GetLastError () returned 0x5 [0242.162] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.162] LocalFree (hMem=0x9509e0) returned 0x0 [0242.162] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.162] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.162] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.162] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.163] CloseHandle (hObject=0x404) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.163] SetLastError (dwErrCode=0x0) [0242.163] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x7d [0242.163] GetLastError () returned 0x0 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.163] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.164] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.164] GetLastError () returned 0x5 [0242.164] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_2015.1012.110.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.164] SetLastError (dwErrCode=0x5) [0242.164] GetLastError () returned 0x5 [0242.164] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.164] LocalFree (hMem=0x950a10) returned 0x0 [0242.164] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.165] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.165] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsSoundRecorder_2017.130.1208.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowssoundrecorder_2017.130.1208.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.165] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33707156124) returned 1 [0242.165] GetCurrentThreadId () returned 0x1130 [0242.166] GetCurrentThreadId () returned 0x1130 [0242.166] GetCurrentThreadId () returned 0x1130 [0242.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=";j}\"X9@/=ZBHU", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0242.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K9IFyize%qbFR+Qk`.o9IKUGGG,\"xlV$Z>;j}\"X9@/=ZBHU", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0242.185] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K9IFyize%qbFR+Qk`.o9IKUGGG,\"xlV$Z>;j}\"X9@/=ZBHU", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="K9IFyize%qbFR+Qk`.o9IKUGGG,\"xlV$Z>;j}\"X9@/=ZBHU\x96kw^R", lpUsedDefaultChar=0x0) returned 47 [0242.185] GetCurrentThreadId () returned 0x1130 [0242.185] GetCurrentThreadId () returned 0x1130 [0242.185] GetCurrentThreadId () returned 0x1130 [0242.185] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.185] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [385].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [385].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.186] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [385].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [385].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [385].WANNACASH NCOV v310320") returned 0x7e [0242.186] GetLastError () returned 0x5 [0242.186] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.186] LocalFree (hMem=0x950950) returned 0x0 [0242.186] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.186] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.186] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.186] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.187] CloseHandle (hObject=0x404) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.187] SetLastError (dwErrCode=0x0) [0242.187] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x80 [0242.187] GetLastError () returned 0x0 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.187] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.187] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0242.188] GetLastError () returned 0x5 [0242.188] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.10.13.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0242.188] SetLastError (dwErrCode=0x5) [0242.188] GetLastError () returned 0x5 [0242.188] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.188] LocalFree (hMem=0x950c50) returned 0x0 [0242.188] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.188] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.189] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.189] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33709519642) returned 1 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9:kr:\"NvNuP;fkAGPkVWVM>ZKrav?zhrK", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9:kr:\"NvNuP;fkAGPkVWVM>ZKrav?zhrK", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.189] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9:kr:\"NvNuP;fkAGPkVWVM>ZKrav?zhrK", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9:kr:\"NvNuP;fkAGPkVWVM>ZKrav?zhrK3jO\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.189] GetCurrentThreadId () returned 0x1130 [0242.190] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.190] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [386].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [386].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.190] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [386].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [386].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [386].WANNACASH NCOV v310320") returned 0x7e [0242.190] GetLastError () returned 0x5 [0242.190] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.190] LocalFree (hMem=0x950950) returned 0x0 [0242.190] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.190] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.190] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.191] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.191] CloseHandle (hObject=0x404) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.191] SetLastError (dwErrCode=0x0) [0242.191] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x74 [0242.191] GetLastError () returned 0x0 [0242.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.192] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.192] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.192] GetLastError () returned 0x5 [0242.192] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.WindowsStore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.windowsstore_2015.1013.14.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.195] SetLastError (dwErrCode=0x5) [0242.195] GetLastError () returned 0x5 [0242.195] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.195] LocalFree (hMem=0x950b90) returned 0x0 [0242.195] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.196] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.196] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.196] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33710252127) returned 1 [0242.196] GetCurrentThreadId () returned 0x1130 [0242.196] GetCurrentThreadId () returned 0x1130 [0242.196] GetCurrentThreadId () returned 0x1130 [0242.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"-IL_D=*8&NE7}cqu$bjdQDNZ4g;W`)b%ud", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"-IL_D=*8&NE7}cqu$bjdQDNZ4g;W`)b%ud", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.197] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"-IL_D=*8&NE7}cqu$bjdQDNZ4g;W`)b%ud", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"-IL_D=*8&NE7}cqu$bjdQDNZ4g;W`)b%udO\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 35 [0242.197] GetCurrentThreadId () returned 0x1130 [0242.197] GetCurrentThreadId () returned 0x1130 [0242.197] GetCurrentThreadId () returned 0x1130 [0242.197] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.197] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [387].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [387].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.197] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [387].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [387].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [387].WANNACASH NCOV v310320") returned 0x7e [0242.197] GetLastError () returned 0x5 [0242.197] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.197] LocalFree (hMem=0x950950) returned 0x0 [0242.197] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.197] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.198] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.198] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.198] CloseHandle (hObject=0x404) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.199] SetLastError (dwErrCode=0x0) [0242.199] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x6f [0242.199] GetLastError () returned 0x0 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.199] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.199] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.199] GetLastError () returned 0x5 [0242.200] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2015.930.526.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.200] SetLastError (dwErrCode=0x5) [0242.200] GetLastError () returned 0x5 [0242.200] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.200] LocalFree (hMem=0x9509e0) returned 0x0 [0242.200] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.200] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.201] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.201] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33710708635) returned 1 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcUR(h(e^4c\">q#/~\\>+kyNEI>R(Cpdie6", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0242.201] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcUR(h(e^4c\">q#/~\\>+kyNEI>R(Cpdie6", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0242.201] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AcUR(h(e^4c\">q#/~\\>+kyNEI>R(Cpdie6", cchWideChar=34, lpMultiByteStr=0x250f7b8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AcUR(h(e^4c\">q#/~\\>+kyNEI>R(Cpdie6dO\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 34 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] GetCurrentThreadId () returned 0x1130 [0242.201] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.202] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [388].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [388].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.202] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [388].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [388].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [388].WANNACASH NCOV v310320") returned 0x7e [0242.202] GetLastError () returned 0x5 [0242.202] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.202] LocalFree (hMem=0x950b90) returned 0x0 [0242.202] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.202] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.202] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.203] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.203] CloseHandle (hObject=0x404) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.203] SetLastError (dwErrCode=0x0) [0242.203] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x70 [0242.203] GetLastError () returned 0x0 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.204] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.204] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.204] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.204] GetLastError () returned 0x5 [0242.204] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.204] SetLastError (dwErrCode=0x5) [0242.204] GetLastError () returned 0x5 [0242.204] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.204] LocalFree (hMem=0x950ce0) returned 0x0 [0242.204] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.205] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.205] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0x20 [0242.205] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33711143854) returned 1 [0242.205] GetCurrentThreadId () returned 0x1130 [0242.205] GetCurrentThreadId () returned 0x1130 [0242.205] GetCurrentThreadId () returned 0x1130 [0242.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cQ~KgD^|eG+#VH>6!n6re\"Ry+unWmgm(=JhKZP2hIChl)P>7", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0242.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cQ~KgD^|eG+#VH>6!n6re\"Ry+unWmgm(=JhKZP2hIChl)P>7", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0242.206] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cQ~KgD^|eG+#VH>6!n6re\"Ry+unWmgm(=JhKZP2hIChl)P>7", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cQ~KgD^|eG+#VH>6!n6re\"Ry+unWmgm(=JhKZP2hIChl)P>7kw^R", lpUsedDefaultChar=0x0) returned 48 [0242.206] GetCurrentThreadId () returned 0x1130 [0242.206] GetCurrentThreadId () returned 0x1130 [0242.206] GetCurrentThreadId () returned 0x1130 [0242.206] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.206] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [389].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [389].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.206] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [389].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [389].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [389].WANNACASH NCOV v310320") returned 0x7e [0242.206] GetLastError () returned 0x5 [0242.206] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣰ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.206] LocalFree (hMem=0x9508f0) returned 0x0 [0242.206] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.206] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.207] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.207] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.207] CloseHandle (hObject=0x404) returned 1 [0242.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.208] SetLastError (dwErrCode=0x0) [0242.208] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml") returned 0x7c [0242.208] GetLastError () returned 0x0 [0242.208] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.209] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.209] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.209] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.209] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.209] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0 [0242.209] GetLastError () returned 0x5 [0242.209] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml")) returned 0x20 [0242.209] SetLastError (dwErrCode=0x5) [0242.209] GetLastError () returned 0x5 [0242.209] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.209] LocalFree (hMem=0x950b30) returned 0x0 [0242.209] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.210] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.210] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml")) returned 0x20 [0242.211] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33711671005) returned 1 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P6t!mS9DbNN4%%*f^`№u9I5zB155>w@)dFQX5@xQMi;", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P6t!mS9DbNN4%%*f^`№u9I5zB155>w@)dFQX5@xQMi;", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.211] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P6t!mS9DbNN4%%*f^`№u9I5zB155>w@)dFQX5@xQMi;", cchWideChar=43, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="P6t!mS9DbNN4%%*f^`â\x84\x96u9I5zB155>w@)dFQX5@xQMi;P>7kw^R", lpUsedDefaultChar=0x0) returned 45 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] GetCurrentThreadId () returned 0x1130 [0242.211] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.211] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [390].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [390].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.211] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [390].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [390].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [390].WANNACASH NCOV v310320") returned 0x7e [0242.211] GetLastError () returned 0x5 [0242.211] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.212] LocalFree (hMem=0x9508c0) returned 0x0 [0242.212] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.212] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.212] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.212] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.212] CloseHandle (hObject=0x404) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.213] SetLastError (dwErrCode=0x0) [0242.213] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml") returned 0x7c [0242.213] GetLastError () returned 0x0 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.213] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.213] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.213] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml")) returned 0 [0242.214] GetLastError () returned 0x5 [0242.214] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml")) returned 0x20 [0242.214] SetLastError (dwErrCode=0x5) [0242.214] GetLastError () returned 0x5 [0242.214] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.214] LocalFree (hMem=0x950d10) returned 0x0 [0242.214] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.214] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.214] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.215] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33712083735) returned 1 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"VQBI@ECh8aIVNxlO&,qOt6K}\\*LIhuJ/|,", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"VQBI@ECh8aIVNxlO&,qOt6K}\\*LIhuJ/|,", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.215] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"VQBI@ECh8aIVNxlO&,qOt6K}\\*LIhuJ/|,", cchWideChar=36, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7\"VQBI@ECh8aIVNxlO&,qOt6K}\\*LIhuJ/|,\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] GetCurrentThreadId () returned 0x1130 [0242.215] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.215] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [391].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [391].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [391].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [391].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [391].WANNACASH NCOV v310320") returned 0x7e [0242.216] GetLastError () returned 0x5 [0242.216] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.216] LocalFree (hMem=0x950dd0) returned 0x0 [0242.216] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.216] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.216] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.216] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.216] CloseHandle (hObject=0x404) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.217] SetLastError (dwErrCode=0x0) [0242.217] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml") returned 0x69 [0242.217] GetLastError () returned 0x0 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.217] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.217] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe.xml")) returned 0 [0242.218] GetLastError () returned 0x5 [0242.218] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.218] SetLastError (dwErrCode=0x5) [0242.218] GetLastError () returned 0x5 [0242.218] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.218] LocalFree (hMem=0x950c50) returned 0x0 [0242.218] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.218] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.219] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0242.219] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33712531419) returned 1 [0242.219] GetCurrentThreadId () returned 0x1130 [0242.219] GetCurrentThreadId () returned 0x1130 [0242.219] GetCurrentThreadId () returned 0x1130 [0242.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8dC3x8DHV&KnKtwS,bodDEbK_-(#|", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8dC3x8DHV&KnKtwS,bodDEbK_-(#|", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8dC3x8DHV&KnKtwS,bodDEbK_-(#|", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8dC3x8DHV&KnKtwS,bodDEbK_-(#|IhuJ/|,\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 29 [0242.219] GetCurrentThreadId () returned 0x1130 [0242.219] GetCurrentThreadId () returned 0x1130 [0242.220] GetCurrentThreadId () returned 0x1130 [0242.220] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.220] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [392].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [392].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.220] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [392].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [392].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [392].WANNACASH NCOV v310320") returned 0x7e [0242.220] GetLastError () returned 0x5 [0242.220] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.220] LocalFree (hMem=0x950b30) returned 0x0 [0242.220] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.220] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.220] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.221] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.221] CloseHandle (hObject=0x404) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0242.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0242.222] SetLastError (dwErrCode=0x0) [0242.222] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", lpFilePart=0x19e458*="Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml") returned 0x80 [0242.222] GetLastError () returned 0x0 [0242.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0242.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0242.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=8) returned 1 [0242.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml", cchCount2=4) returned 1 [0242.222] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.222] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0 [0242.222] GetLastError () returned 0x5 [0242.222] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml")) returned 0x20 [0242.222] SetLastError (dwErrCode=0x5) [0242.222] GetLastError () returned 0x5 [0242.222] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.222] LocalFree (hMem=0x9508c0) returned 0x0 [0242.222] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.223] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.224] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0242.224] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33713010690) returned 1 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DYT)fW~\\>+>_%~L@V.N\\M*;j!Y)gmVvy,*dmt9g:lGM|M", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DYT)fW~\\>+>_%~L@V.N\\M*;j!Y)gmVvy,*dmt9g:lGM|M", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0242.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DYT)fW~\\>+>_%~L@V.N\\M*;j!Y)gmVvy,*dmt9g:lGM|M", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DYT)fW~\\>+>_%~L@V.N\\M*;j!Y)gmVvy,*dmt9g:lGM|MP>7kw^R", lpUsedDefaultChar=0x0) returned 45 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] GetCurrentThreadId () returned 0x1130 [0242.224] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.225] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [393].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [393].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.225] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [393].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [393].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [393].WANNACASH NCOV v310320") returned 0x7e [0242.225] GetLastError () returned 0x5 [0242.225] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.225] LocalFree (hMem=0x950dd0) returned 0x0 [0242.225] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.225] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.225] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.226] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.226] CloseHandle (hObject=0x404) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.226] SetLastError (dwErrCode=0x0) [0242.226] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml") returned 0x82 [0242.226] GetLastError () returned 0x0 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.226] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.227] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.227] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0 [0242.227] GetLastError () returned 0x5 [0242.227] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_split.scale-100_8wekyb3d8bbwe.xml")) returned 0x20 [0242.227] SetLastError (dwErrCode=0x5) [0242.227] GetLastError () returned 0x5 [0242.227] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.227] LocalFree (hMem=0x950a10) returned 0x0 [0242.227] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.228] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.228] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.228] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33713461286) returned 1 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tn/&VO6mvi/~bDA}xh/TTq\"?hO\\h=9G((#axZo8j>pE?", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.229] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tn/&VO6mvi/~bDA}xh/TTq\"?hO\\h=9G((#axZo8j>pE?", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.229] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="tn/&VO6mvi/~bDA}xh/TTq\"?hO\\h=9G((#axZo8j>pE?", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="tn/&VO6mvi/~bDA}xh/TTq\"?hO\\h=9G((#axZo8j>pE?qPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] GetCurrentThreadId () returned 0x1130 [0242.229] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.229] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [394].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [394].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.229] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [394].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [394].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [394].WANNACASH NCOV v310320") returned 0x7e [0242.229] GetLastError () returned 0x5 [0242.229] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.229] LocalFree (hMem=0x950c50) returned 0x0 [0242.229] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.229] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.230] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.230] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.230] CloseHandle (hObject=0x404) returned 1 [0242.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.231] SetLastError (dwErrCode=0x0) [0242.231] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml") returned 0x74 [0242.231] GetLastError () returned 0x0 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.231] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.231] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0 [0242.231] GetLastError () returned 0x5 [0242.231] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml")) returned 0x20 [0242.232] SetLastError (dwErrCode=0x5) [0242.232] GetLastError () returned 0x5 [0242.232] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.232] LocalFree (hMem=0x950d10) returned 0x0 [0242.232] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.232] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.233] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe.xml")) returned 0x20 [0242.233] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33713896392) returned 1 [0242.233] GetCurrentThreadId () returned 0x1130 [0242.233] GetCurrentThreadId () returned 0x1130 [0242.233] GetCurrentThreadId () returned 0x1130 [0242.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fPHiQV\\LH@S~E(yfkN6+h+(7kw^R", lpUsedDefaultChar=0x0) returned 45 [0242.279] GetCurrentThreadId () returned 0x1130 [0242.279] GetCurrentThreadId () returned 0x1130 [0242.279] GetCurrentThreadId () returned 0x1130 [0242.279] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.zunemusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.279] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [402].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [402].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.279] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [402].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Файл зашифрован. Пиши. Почта clubnika@elude.in [402].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [402].WANNACASH NCOV v310320") returned 0x7e [0242.279] GetLastError () returned 0x5 [0242.279] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.279] LocalFree (hMem=0x950c50) returned 0x0 [0242.279] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.279] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.279] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.280] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.280] CloseHandle (hObject=0x404) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.280] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.280] SetLastError (dwErrCode=0x0) [0242.280] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", lpFilePart=0x19e458*="Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml") returned 0x85 [0242.281] GetLastError () returned 0x0 [0242.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=8) returned 1 [0242.281] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml", cchCount2=4) returned 1 [0242.281] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository")) returned 0x10 [0242.281] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.zunemusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml")) returned 0 [0242.281] GetLastError () returned 0x5 [0242.281] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.zunemusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe.xml")) returned 0x20 [0242.281] SetLastError (dwErrCode=0x5) [0242.281] GetLastError () returned 0x5 [0242.281] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.281] LocalFree (hMem=0x950b90) returned 0x0 [0242.281] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.282] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.282] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-200_8wekyb3d8bbwe.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\microsoft.zunemusic_10.16112.11621.0_neutral_resources.scale-200_8wekyb3d8bbwe.xml")) returned 0x20 [0242.282] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33718848055) returned 1 [0242.282] GetCurrentThreadId () returned 0x1130 [0242.282] GetCurrentThreadId () returned 0x1130 [0242.282] GetCurrentThreadId () returned 0x1130 [0242.282] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"SOUBi5QIn1CU\"XDfa.1f=^Xw=W?|C/7/Nj*x^#+yS1", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TAX}t?wHbl(y1N\"9M}R~j^ffKd1OtIx~>/Nj*x^#+yS1", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TAX}t?wHbl(y1N\"9M}R~j^ffKd1OtIx~>/Nj*x^#+yS1", cchWideChar=44, lpMultiByteStr=0x2525040, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TAX}t?wHbl(y1N\"9M}R~j^ffKd1OtIx~>/Nj*x^#+yS1©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 44 [0242.367] GetCurrentThreadId () returned 0x1130 [0242.367] GetCurrentThreadId () returned 0x1130 [0242.367] GetCurrentThreadId () returned 0x1130 [0242.367] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\desktopview_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.368] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [420].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\desktopview_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [420].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.368] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [420].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [420].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [420].WANNACASH NCOV v310320") returned 0xc0 [0242.368] GetLastError () returned 0x5 [0242.368] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.368] LocalFree (hMem=0x950950) returned 0x0 [0242.368] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.368] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.368] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.368] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.369] CloseHandle (hObject=0x404) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.369] SetLastError (dwErrCode=0x0) [0242.369] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x88 [0242.369] GetLastError () returned 0x0 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.369] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.369] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\desktopview_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.369] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\desktopview_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.370] GetLastError () returned 0x5 [0242.370] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\desktopview_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.370] SetLastError (dwErrCode=0x5) [0242.370] GetLastError () returned 0x5 [0242.370] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.370] LocalFree (hMem=0x950950) returned 0x0 [0242.370] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.372] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.372] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.374] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33727971936) returned 1 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}/K{zQ-1yQDFr#V<7vh||)vYYi55`CV.5NO6/4?UcBf+#`^+@", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}/K{zQ-1yQDFr#V<7vh||)vYYi55`CV.5NO6/4?UcBf+#`^+@", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}/K{zQ-1yQDFr#V<7vh||)vYYi55`CV.5NO6/4?UcBf+#`^+@", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}/K{zQ-1yQDFr#V<7vh||)vYYi55`CV.5NO6/4?UcBf+#`^+@w^R", lpUsedDefaultChar=0x0) returned 49 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] GetCurrentThreadId () returned 0x1130 [0242.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.374] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [421].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [421].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.374] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [421].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [421].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [421].WANNACASH NCOV v310320") returned 0xd9 [0242.374] GetLastError () returned 0x5 [0242.374] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.374] LocalFree (hMem=0x950c50) returned 0x0 [0242.374] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.374] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.375] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.375] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.375] CloseHandle (hObject=0x404) returned 1 [0242.375] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.375] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.375] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.376] SetLastError (dwErrCode=0x0) [0242.376] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0xa1 [0242.376] GetLastError () returned 0x0 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.376] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.376] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.376] GetLastError () returned 0x5 [0242.376] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\e2a4f912-2574-4a75-9bb0-0d023378592b_10.0.15063.332_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.376] SetLastError (dwErrCode=0x5) [0242.376] GetLastError () returned 0x5 [0242.376] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ಀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.376] LocalFree (hMem=0x950c80) returned 0x0 [0242.376] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.377] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.377] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.433] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33733960155) returned 1 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oHjo№J|nXzT{i|9QUQ4X5hulu7QH}BjsF>jV№", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0242.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oHjo№J|nXzT{i|9QUQ4X5hulu7QH}BjsF>jV№", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0242.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="oHjo№J|nXzT{i|9QUQ4X5hulu7QH}BjsF>jV№", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="oHjoâ\x84\x96J|nXzT{i|9QUQ4X5hulu7QH}BjsF>jVâ\x84\x96pE?qPR\x02\x01", lpUsedDefaultChar=0x0) returned 41 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] GetCurrentThreadId () returned 0x1130 [0242.434] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.434] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [422].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [422].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.434] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [422].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [422].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [422].WANNACASH NCOV v310320") returned 0xbb [0242.434] GetLastError () returned 0x5 [0242.434] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.434] LocalFree (hMem=0x950b30) returned 0x0 [0242.435] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.435] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.435] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.435] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.435] CloseHandle (hObject=0x404) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.436] SetLastError (dwErrCode=0x0) [0242.436] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x83 [0242.436] GetLastError () returned 0x0 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.436] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.436] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.437] GetLastError () returned 0x5 [0242.437] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\environmentsapp_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.437] SetLastError (dwErrCode=0x5) [0242.437] GetLastError () returned 0x5 [0242.437] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.437] LocalFree (hMem=0x950dd0) returned 0x0 [0242.437] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.437] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.438] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.440] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33734569637) returned 1 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DB<;.)_W12Kg9.>:;X>(u/R23gx,_,(l=>teV=z@D=G5/5>4h", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DB<;.)_W12Kg9.>:;X>(u/R23gx,_,(l=>teV=z@D=G5/5>4h", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DB<;.)_W12Kg9.>:;X>(u/R23gx,_,(l=>teV=z@D=G5/5>4h", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DB<;.)_W12Kg9.>:;X>(u/R23gx,_,(l=>teV=z@D=G5/5>4hw^R", lpUsedDefaultChar=0x0) returned 49 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] GetCurrentThreadId () returned 0x1130 [0242.440] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.440] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [423].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [423].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.440] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [423].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [423].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [423].WANNACASH NCOV v310320") returned 0xb1 [0242.440] GetLastError () returned 0x5 [0242.440] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.440] LocalFree (hMem=0x950da0) returned 0x0 [0242.440] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.440] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.441] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.441] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.441] CloseHandle (hObject=0x404) returned 1 [0242.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.442] SetLastError (dwErrCode=0x0) [0242.442] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x79 [0242.442] GetLastError () returned 0x0 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.442] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.442] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy")) returned 0x10 [0242.442] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.442] GetLastError () returned 0x5 [0242.442] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holocamera_1.0.0.5_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.442] SetLastError (dwErrCode=0x5) [0242.442] GetLastError () returned 0x5 [0242.442] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.443] LocalFree (hMem=0x950b30) returned 0x0 [0242.443] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.443] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.443] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.445] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33735164872) returned 1 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qV7zk|u-GY\"H*5+Xm`{m;?2$=№|q", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0242.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qV7zk|u-GY\"H*5+Xm`{m;?2$=№|q", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0242.446] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="qV7zk|u-GY\"H*5+Xm`{m;?2$=№|q", cchWideChar=28, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="qV7zk|u-GY\"H*5+Xm`{m;?2$=â\x84\x96|qYOsG3C\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 30 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] GetCurrentThreadId () returned 0x1130 [0242.446] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.446] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [424].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [424].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.446] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [424].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [424].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [424].WANNACASH NCOV v310320") returned 0xb8 [0242.446] GetLastError () returned 0x5 [0242.446] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.446] LocalFree (hMem=0x950dd0) returned 0x0 [0242.446] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.446] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.447] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.447] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.447] CloseHandle (hObject=0x404) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.448] SetLastError (dwErrCode=0x0) [0242.448] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x80 [0242.448] GetLastError () returned 0x0 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.448] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.448] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy")) returned 0x10 [0242.448] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.448] GetLastError () returned 0x5 [0242.448] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoitemplayerapp_1.0.0.2_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.448] SetLastError (dwErrCode=0x5) [0242.448] GetLastError () returned 0x5 [0242.449] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.449] LocalFree (hMem=0x9509e0) returned 0x0 [0242.449] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.449] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.449] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.451] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33735708809) returned 1 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fyL*CCXX$mm2T1ouT;m@KZ}6+*2eC\\", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0242.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fyL*CCXX$mm2T1ouT;m@KZ}6+*2eC\\", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0242.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fyL*CCXX$mm2T1ouT;m@KZ}6+*2eC\\", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fyL*CCXX$mm2T1ouT;m@KZ}6+*2eC\\YOsG3C\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 30 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.451] GetCurrentThreadId () returned 0x1130 [0242.463] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.464] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [425].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [425].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.465] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [425].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [425].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [425].WANNACASH NCOV v310320") returned 0xb5 [0242.465] GetLastError () returned 0x5 [0242.465] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.465] LocalFree (hMem=0x950bf0) returned 0x0 [0242.465] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.465] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.465] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.466] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.466] CloseHandle (hObject=0x404) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.466] SetLastError (dwErrCode=0x0) [0242.466] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x7d [0242.466] GetLastError () returned 0x0 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.467] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.467] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.467] GetLastError () returned 0x5 [0242.467] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\holoshell_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.467] SetLastError (dwErrCode=0x5) [0242.467] GetLastError () returned 0x5 [0242.467] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.467] LocalFree (hMem=0x950e00) returned 0x0 [0242.467] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.468] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.468] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.470] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33737578223) returned 1 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NR&}aUqER|/B*g8TO.\\u+mWf^(d(}H?:i", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NR&}aUqER|/B*g8TO.\\u+mWf^(d(}H?:i", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NR&}aUqER|/B*g8TO.\\u+mWf^(d(}H?:i", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NR&}aUqER|/B*g8TO.\\u+mWf^(d(}H?:iG3C\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] GetCurrentThreadId () returned 0x1130 [0242.470] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.470] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [426].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [426].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.470] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [426].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [426].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [426].WANNACASH NCOV v310320") returned 0xbb [0242.470] GetLastError () returned 0x5 [0242.470] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.470] LocalFree (hMem=0x950950) returned 0x0 [0242.471] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.471] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.471] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.472] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.472] CloseHandle (hObject=0x404) returned 1 [0242.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.473] SetLastError (dwErrCode=0x0) [0242.473] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x83 [0242.473] GetLastError () returned 0x0 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.473] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.473] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.473] GetLastError () returned 0x5 [0242.473] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.3dbuilder_13.0.10349.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.473] SetLastError (dwErrCode=0x5) [0242.473] GetLastError () returned 0x5 [0242.473] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="๠\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.473] LocalFree (hMem=0x950e60) returned 0x0 [0242.473] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.474] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.474] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.478] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33738411456) returned 1 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vqF{+$)PkM@k*td)_MQF8/s_6.QZaoq@3)/F|{%_", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vqF{+$)PkM@k*td)_MQF8/s_6.QZaoq@3)/F|{%_", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vqF{+$)PkM@k*td)_MQF8/s_6.QZaoq@3)/F|{%_", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vqF{+$)PkM@k*td)_MQF8/s_6.QZaoq@3)/F|{%_+yS1©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 40 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] GetCurrentThreadId () returned 0x1130 [0242.478] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.479] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [427].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [427].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.479] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [427].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [427].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [427].WANNACASH NCOV v310320") returned 0xcf [0242.479] GetLastError () returned 0x5 [0242.479] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ಀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.479] LocalFree (hMem=0x950c80) returned 0x0 [0242.479] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.479] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.479] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.480] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.480] CloseHandle (hObject=0x404) returned 1 [0242.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.481] SetLastError (dwErrCode=0x0) [0242.481] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x97 [0242.481] GetLastError () returned 0x0 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.481] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.481] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.481] GetLastError () returned 0x5 [0242.482] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.aad.brokerplugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.482] SetLastError (dwErrCode=0x5) [0242.482] GetLastError () returned 0x5 [0242.482] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ච\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.482] LocalFree (hMem=0x950da0) returned 0x0 [0242.482] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.482] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.483] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.484] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33739062837) returned 1 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U5P4!K{8:l>R=&~b|&8g5&=iJgN4", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0242.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U5P4!K{8:l>R=&~b|&8g5&=iJgN4", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0242.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U5P4!K{8:l>R=&~b|&8g5&=iJgN4", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="U5P4!K{8:l>R=&~b|&8g5&=iJgN4\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] GetCurrentThreadId () returned 0x1130 [0242.485] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.485] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [428].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [428].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.485] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [428].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [428].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [428].WANNACASH NCOV v310320") returned 0xc7 [0242.485] GetLastError () returned 0x5 [0242.485] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.486] LocalFree (hMem=0x9509e0) returned 0x0 [0242.486] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.486] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.486] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.486] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.486] CloseHandle (hObject=0x404) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.487] SetLastError (dwErrCode=0x0) [0242.487] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8f [0242.487] GetLastError () returned 0x0 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.487] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy")) returned 0x10 [0242.488] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.488] GetLastError () returned 0x5 [0242.488] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.AccountsControl_10.0.15063.447_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.accountscontrol_10.0.15063.447_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.488] SetLastError (dwErrCode=0x5) [0242.488] GetLastError () returned 0x5 [0242.488] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.488] LocalFree (hMem=0x950b30) returned 0x0 [0242.488] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.489] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.489] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.490] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33739658867) returned 1 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":kGKcea/}UWCC-l9;5rm4Zv@dYFVbLhxgnKyt#Oy~e", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0242.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":kGKcea/}UWCC-l9;5rm4Zv@dYFVbLhxgnKyt#Oy~e", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0242.491] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":kGKcea/}UWCC-l9;5rm4Zv@dYFVbLhxgnKyt#Oy~e", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=":kGKcea/}UWCC-l9;5rm4Zv@dYFVbLhxgnKyt#Oy~eE?qPR\x02\x01", lpUsedDefaultChar=0x0) returned 42 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] GetCurrentThreadId () returned 0x1130 [0242.491] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.491] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [429].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [429].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.491] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [429].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [429].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [429].WANNACASH NCOV v310320") returned 0xc1 [0242.491] GetLastError () returned 0x5 [0242.491] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.491] LocalFree (hMem=0x950b30) returned 0x0 [0242.491] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.492] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.492] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.492] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.492] CloseHandle (hObject=0x404) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.493] SetLastError (dwErrCode=0x0) [0242.493] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x89 [0242.493] GetLastError () returned 0x0 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.493] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.493] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.493] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.494] GetLastError () returned 0x5 [0242.494] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.494] SetLastError (dwErrCode=0x5) [0242.494] GetLastError () returned 0x5 [0242.494] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.494] LocalFree (hMem=0x9509e0) returned 0x0 [0242.494] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.495] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.495] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.497] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33740311993) returned 1 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AL9№bidc$A%ujAV{qLn~81kJumE.Q4mz+", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AL9№bidc$A%ujAV{qLn~81kJumE.Q4mz+", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AL9№bidc$A%ujAV{qLn~81kJumE.Q4mz+", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AL9â\x84\x96bidc$A%ujAV{qLn~81kJumE.Q4mz+C\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 35 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] GetCurrentThreadId () returned 0x1130 [0242.497] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.498] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [430].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [430].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.498] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [430].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [430].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [430].WANNACASH NCOV v310320") returned 0xc1 [0242.498] GetLastError () returned 0x5 [0242.498] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ะ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.498] LocalFree (hMem=0x950e30) returned 0x0 [0242.498] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.498] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.498] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.499] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.499] CloseHandle (hObject=0x404) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.499] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.499] SetLastError (dwErrCode=0x0) [0242.500] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x89 [0242.500] GetLastError () returned 0x0 [0242.500] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.500] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.500] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.500] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.500] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe")) returned 0x10 [0242.500] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.500] GetLastError () returned 0x5 [0242.500] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.advertising.xaml_10.0.1605.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.500] SetLastError (dwErrCode=0x5) [0242.500] GetLastError () returned 0x5 [0242.500] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.501] LocalFree (hMem=0x950b30) returned 0x0 [0242.501] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.501] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.501] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.503] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33740891111) returned 1 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№ZA3\"Zx/6n1P8YrB`%o4Kx51RX}uO$qD№)As6e№mKkGG", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0242.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№ZA3\"Zx/6n1P8YrB`%o4Kx51RX}uO$qD№)As6e№mKkGG", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0242.503] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="f№ZA3\"Zx/6n1P8YrB`%o4Kx51RX}uO$qD№)As6e№mKkGG", cchWideChar=48, lpMultiByteStr=0x2516890, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fâ\x84\x96ZA3\"Zx/6n1P8YrB`%o4Kx51RX}uO$qDâ\x84\x96)As6eâ\x84\x96mKkGG%", lpUsedDefaultChar=0x0) returned 54 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] GetCurrentThreadId () returned 0x1130 [0242.503] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.504] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [431].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [431].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.504] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [431].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [431].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [431].WANNACASH NCOV v310320") returned 0xbd [0242.504] GetLastError () returned 0x5 [0242.504] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.504] LocalFree (hMem=0x950ce0) returned 0x0 [0242.504] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.504] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.504] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.505] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.505] CloseHandle (hObject=0x404) returned 1 [0242.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.506] SetLastError (dwErrCode=0x0) [0242.506] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x85 [0242.506] GetLastError () returned 0x0 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.506] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe")) returned 0x10 [0242.506] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.506] GetLastError () returned 0x5 [0242.506] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.507] SetLastError (dwErrCode=0x5) [0242.507] GetLastError () returned 0x5 [0242.507] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.507] LocalFree (hMem=0x950a70) returned 0x0 [0242.507] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.507] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.508] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.509] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33741505499) returned 1 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"Si=ZRe_q_efk?r3qv№#sq}oE3e&?`S~&", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"Si=ZRe_q_efk?r3qv№#sq}oE3e&?`S~&", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.509] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"Si=ZRe_q_efk?r3qv№#sq}oE3e&?`S~&", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"Si=ZRe_q_efk?r3qvâ\x84\x96#sq}oE3e&?`S~&C\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 35 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] GetCurrentThreadId () returned 0x1130 [0242.509] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.510] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [432].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [432].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.510] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [432].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [432].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [432].WANNACASH NCOV v310320") returned 0xba [0242.510] GetLastError () returned 0x5 [0242.510] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ീ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.510] LocalFree (hMem=0x950d40) returned 0x0 [0242.510] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.510] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.510] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.521] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.521] CloseHandle (hObject=0x404) returned 1 [0242.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.521] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.522] SetLastError (dwErrCode=0x0) [0242.522] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x82 [0242.522] GetLastError () returned 0x0 [0242.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.522] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe")) returned 0x10 [0242.524] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.524] GetLastError () returned 0x5 [0242.524] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingFinance_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingfinance_4.6.169.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.524] SetLastError (dwErrCode=0x5) [0242.524] GetLastError () returned 0x5 [0242.524] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.524] LocalFree (hMem=0x9509e0) returned 0x0 [0242.524] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.525] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.525] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.BingNews_4.6.169.0_x86__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.bingnews_4.6.169.0_x86__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.527] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33743288082) returned 1 [0242.527] GetCurrentThreadId () returned 0x1130 [0242.527] GetCurrentThreadId () returned 0x1130 [0242.527] GetCurrentThreadId () returned 0x1130 [0242.527] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="k8j)i4\"{)/o.?5iz@9t(", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"_Fz$#(1##q_\\!R;4r^MMWpE.?5iz@9t(", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0242.557] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"_Fz$#(1##q_\\!R;4r^MMWpE.?5iz@9t(", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"_Fz$#(1##q_\\!R;4r^MMWpE.?5iz@9t(w^R", lpUsedDefaultChar=0x0) returned 49 [0242.558] GetCurrentThreadId () returned 0x1130 [0242.559] GetCurrentThreadId () returned 0x1130 [0242.559] GetCurrentThreadId () returned 0x1130 [0242.560] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.connectivitystore_1.1509.1.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.560] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [438].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.connectivitystore_1.1509.1.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [438].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.560] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [438].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [438].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [438].WANNACASH NCOV v310320") returned 0xc1 [0242.560] GetLastError () returned 0x5 [0242.560] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.560] LocalFree (hMem=0x950b90) returned 0x0 [0242.560] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.560] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.561] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.561] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.561] CloseHandle (hObject=0x404) returned 1 [0242.561] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.562] SetLastError (dwErrCode=0x0) [0242.562] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x89 [0242.562] GetLastError () returned 0x0 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.562] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.562] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.connectivitystore_1.1509.1.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.562] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.connectivitystore_1.1509.1.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.562] GetLastError () returned 0x5 [0242.563] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ConnectivityStore_1.1509.1.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.connectivitystore_1.1509.1.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.563] SetLastError (dwErrCode=0x5) [0242.563] GetLastError () returned 0x5 [0242.563] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ീ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.563] LocalFree (hMem=0x950d40) returned 0x0 [0242.563] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.563] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.564] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.565] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33747155195) returned 1 [0242.565] GetCurrentThreadId () returned 0x1130 [0242.566] GetCurrentThreadId () returned 0x1130 [0242.566] GetCurrentThreadId () returned 0x1130 [0242.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1_{nK1Y|{Anzz}@XayRFCMuJ5N5_2ZSH;FUBh", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1_{nK1Y|{Anzz}@XayRFCMuJ5N5_2ZSH;FUBh", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1_{nK1Y|{Anzz}@XayRFCMuJ5N5_2ZSH;FUBh", cchWideChar=37, lpMultiByteStr=0x2525040, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1_{nK1Y|{Anzz}@XayRFCMuJ5N5_2ZSH;FUBh", lpUsedDefaultChar=0x0) returned 37 [0242.566] GetCurrentThreadId () returned 0x1130 [0242.566] GetCurrentThreadId () returned 0x1130 [0242.566] GetCurrentThreadId () returned 0x1130 [0242.566] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.566] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [439].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [439].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.567] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [439].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [439].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [439].WANNACASH NCOV v310320") returned 0xc4 [0242.567] GetLastError () returned 0x5 [0242.567] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.567] LocalFree (hMem=0x950bf0) returned 0x0 [0242.567] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.567] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.567] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.568] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.568] CloseHandle (hObject=0x404) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.568] SetLastError (dwErrCode=0x0) [0242.569] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8c [0242.569] GetLastError () returned 0x0 [0242.569] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.569] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.569] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.569] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.569] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.569] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.569] GetLastError () returned 0x5 [0242.569] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.creddialoghost_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.570] SetLastError (dwErrCode=0x5) [0242.570] GetLastError () returned 0x5 [0242.570] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ਐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.570] LocalFree (hMem=0x950a10) returned 0x0 [0242.570] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.570] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.571] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.573] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33747881242) returned 1 [0242.573] GetCurrentThreadId () returned 0x1130 [0242.573] GetCurrentThreadId () returned 0x1130 [0242.573] GetCurrentThreadId () returned 0x1130 [0242.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T|)Uk|:AY-HI-Q9PN7dobqsy`zt#WKFy(DxfbFR2", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T|)Uk|:AY-HI-Q9PN7dobqsy`zt#WKFy(DxfbFR2", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.573] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T|)Uk|:AY-HI-Q9PN7dobqsy`zt#WKFy(DxfbFR2", cchWideChar=40, lpMultiByteStr=0x2524fd0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="T|)Uk|:AY-HI-Q9PN7dobqsy`zt#WKFy(DxfbFR2-=E?qPR\x02\x01", lpUsedDefaultChar=0x0) returned 40 [0242.573] GetCurrentThreadId () returned 0x1130 [0242.574] GetCurrentThreadId () returned 0x1130 [0242.574] GetCurrentThreadId () returned 0x1130 [0242.574] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.574] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [440].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [440].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.575] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [440].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [440].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [440].WANNACASH NCOV v310320") returned 0xc4 [0242.575] GetLastError () returned 0x5 [0242.575] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.575] LocalFree (hMem=0x950d10) returned 0x0 [0242.575] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.575] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.575] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.576] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.576] CloseHandle (hObject=0x404) returned 1 [0242.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.577] SetLastError (dwErrCode=0x0) [0242.577] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8c [0242.577] GetLastError () returned 0x0 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.577] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.577] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.577] GetLastError () returned 0x5 [0242.578] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.desktopappinstaller_1.0.10252.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.578] SetLastError (dwErrCode=0x5) [0242.578] GetLastError () returned 0x5 [0242.578] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.578] LocalFree (hMem=0x950a40) returned 0x0 [0242.578] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.578] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.579] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.580] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33748658911) returned 1 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sta:2H5+kF^-2_^bX\"Ln1RslJo7dU`gax+%s", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sta:2H5+kF^-2_^bX\"Ln1RslJo7dU`gax+%s", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Sta:2H5+kF^-2_^bX\"Ln1RslJo7dU`gax+%s", cchWideChar=36, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sta:2H5+kF^-2_^bX\"Ln1RslJo7dU`gax+%s\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] GetCurrentThreadId () returned 0x1130 [0242.581] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.581] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [441].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [441].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.581] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [441].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [441].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [441].WANNACASH NCOV v310320") returned 0xb7 [0242.581] GetLastError () returned 0x5 [0242.581] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.581] LocalFree (hMem=0x9509e0) returned 0x0 [0242.581] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.581] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.582] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.583] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.583] CloseHandle (hObject=0x404) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.583] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.583] SetLastError (dwErrCode=0x0) [0242.583] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x7f [0242.584] GetLastError () returned 0x0 [0242.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.584] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.584] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.584] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.584] GetLastError () returned 0x5 [0242.584] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.getstarted_4.5.6.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.584] SetLastError (dwErrCode=0x5) [0242.584] GetLastError () returned 0x5 [0242.584] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.584] LocalFree (hMem=0x950b90) returned 0x0 [0242.584] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.585] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.585] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.lockapp_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.587] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33749333937) returned 1 [0242.587] GetCurrentThreadId () returned 0x1130 [0242.587] GetCurrentThreadId () returned 0x1130 [0242.587] GetCurrentThreadId () returned 0x1130 [0242.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="e{8(ruHm1)*&UDMn9g=№{)4o;c\\Z}m2,N;TrdK\"a>№uq:EK43~EZ~BRv~uRV}AztQb.\":", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"dMw4>>№uq:EK43~EZ~BRv~uRV}AztQb.\":", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"dMw4>>№uq:EK43~EZ~BRv~uRV}AztQb.\":", cchWideChar=35, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"dMw4>>â\x84\x96uq:EK43~EZ~BRv~uRV}AztQb.\":", lpUsedDefaultChar=0x0) returned 37 [0242.782] GetCurrentThreadId () returned 0x1130 [0242.782] GetCurrentThreadId () returned 0x1130 [0242.782] GetCurrentThreadId () returned 0x1130 [0242.782] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.782] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [465].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [465].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.783] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [465].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [465].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [465].WANNACASH NCOV v310320") returned 0xd8 [0242.783] GetLastError () returned 0x5 [0242.783] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.783] LocalFree (hMem=0x9509e0) returned 0x0 [0242.783] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.783] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.783] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.783] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.784] CloseHandle (hObject=0x404) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.784] SetLastError (dwErrCode=0x0) [0242.784] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0xa0 [0242.784] GetLastError () returned 0x0 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.784] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.785] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.785] GetLastError () returned 0x5 [0242.785] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.holographicfirstrun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.785] SetLastError (dwErrCode=0x5) [0242.785] GetLastError () returned 0x5 [0242.785] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.785] LocalFree (hMem=0x950a70) returned 0x0 [0242.785] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.786] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.786] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.787] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33769353299) returned 1 [0242.787] GetCurrentThreadId () returned 0x1130 [0242.787] GetCurrentThreadId () returned 0x1130 [0242.788] GetCurrentThreadId () returned 0x1130 [0242.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vCP)&snhQg4ejHIq*u#j8,fU{#}wo\"SB`,7/8xP_", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vCP)&snhQg4ejHIq*u#j8,fU{#}wo\"SB`,7/8xP_", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0242.788] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vCP)&snhQg4ejHIq*u#j8,fU{#}wo\"SB`,7/8xP_", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vCP)&snhQg4ejHIq*u#j8,fU{#}wo\"SB`,7/8xP_gBO%©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 40 [0242.788] GetCurrentThreadId () returned 0x1130 [0242.788] GetCurrentThreadId () returned 0x1130 [0242.788] GetCurrentThreadId () returned 0x1130 [0242.788] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.788] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [466].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [466].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.788] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [466].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [466].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [466].WANNACASH NCOV v310320") returned 0xdb [0242.788] GetLastError () returned 0x5 [0242.788] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.788] LocalFree (hMem=0x950e00) returned 0x0 [0242.788] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.788] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.789] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.789] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.789] CloseHandle (hObject=0x404) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.790] SetLastError (dwErrCode=0x0) [0242.790] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0xa3 [0242.790] GetLastError () returned 0x0 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.790] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.790] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.790] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.791] GetLastError () returned 0x5 [0242.791] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.modalsharepickerhost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.791] SetLastError (dwErrCode=0x5) [0242.791] GetLastError () returned 0x5 [0242.791] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.791] LocalFree (hMem=0x950e00) returned 0x0 [0242.791] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.791] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.792] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.794] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33770017724) returned 1 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")LA`mS|B@zWm.vX-hN\\5ArA|K", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0242.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")LA`mS|B@zWm.vX-hN\\5ArA|K", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0242.794] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")LA`mS|B@zWm.vX-hN\\5ArA|K", cchWideChar=25, lpMultiByteStr=0x2508420, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=")LA`mS|B@zWm.vX-hN\\5ArA|K", lpUsedDefaultChar=0x0) returned 25 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] GetCurrentThreadId () returned 0x1130 [0242.794] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.795] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [467].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [467].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.795] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [467].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [467].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [467].WANNACASH NCOV v310320") returned 0xd6 [0242.795] GetLastError () returned 0x5 [0242.795] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.795] LocalFree (hMem=0x950c50) returned 0x0 [0242.795] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.795] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.795] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.796] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.796] CloseHandle (hObject=0x404) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.796] SetLastError (dwErrCode=0x0) [0242.796] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x9e [0242.796] GetLastError () returned 0x0 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.797] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.797] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.797] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.797] GetLastError () returned 0x5 [0242.797] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkcaptiveportal_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.797] SetLastError (dwErrCode=0x5) [0242.797] GetLastError () returned 0x5 [0242.797] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.797] LocalFree (hMem=0x950b30) returned 0x0 [0242.797] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.797] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.798] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.799] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33770565653) returned 1 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aP~;\"CEIg\"{;?u*PD@?N(8№yaTY@(AQ>a#(", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aP~;\"CEIg\"{;?u*PD@?N(8№yaTY@(AQ>a#(", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0242.800] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aP~;\"CEIg\"{;?u*PD@?N(8№yaTY@(AQ>a#(", cchWideChar=35, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aP~;\"CEIg\"{;?u*PD@?N(8â\x84\x96yaTY@(AQ>a#(", lpUsedDefaultChar=0x0) returned 37 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] GetCurrentThreadId () returned 0x1130 [0242.800] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.800] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [468].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [468].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.800] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [468].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [468].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [468].WANNACASH NCOV v310320") returned 0xd7 [0242.800] GetLastError () returned 0x5 [0242.800] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.800] LocalFree (hMem=0x950a40) returned 0x0 [0242.801] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.801] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.801] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.801] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.801] CloseHandle (hObject=0x404) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.802] SetLastError (dwErrCode=0x0) [0242.802] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x9f [0242.802] GetLastError () returned 0x0 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.802] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.802] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.802] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.803] GetLastError () returned 0x5 [0242.803] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.oobenetworkconnectionflow_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.803] SetLastError (dwErrCode=0x5) [0242.803] GetLastError () returned 0x5 [0242.803] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ೠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.803] LocalFree (hMem=0x950ce0) returned 0x0 [0242.803] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.803] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.804] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.816] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33772205368) returned 1 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1}bYp№1№98rUAEey79D~GkEVCnW5o5F+", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1}bYp№1№98rUAEey79D~GkEVCnW5o5F+", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0242.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1}bYp№1№98rUAEey79D~GkEVCnW5o5F+", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1}bYpâ\x84\x961â\x84\x9698rUAEey79D~GkEVCnW5o5F+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] GetCurrentThreadId () returned 0x1130 [0242.816] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.817] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [469].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [469].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.817] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [469].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [469].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [469].WANNACASH NCOV v310320") returned 0xd7 [0242.817] GetLastError () returned 0x5 [0242.817] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="๠\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.817] LocalFree (hMem=0x950e60) returned 0x0 [0242.817] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.817] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.817] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.818] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.818] CloseHandle (hObject=0x404) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.818] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.819] SetLastError (dwErrCode=0x0) [0242.819] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x9f [0242.819] GetLastError () returned 0x0 [0242.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.819] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.819] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.819] GetLastError () returned 0x5 [0242.819] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.parentalcontrols_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.819] SetLastError (dwErrCode=0x5) [0242.819] GetLastError () returned 0x5 [0242.819] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.820] LocalFree (hMem=0x950c50) returned 0x0 [0242.820] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.820] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.820] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.822] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33772840644) returned 1 [0242.822] GetCurrentThreadId () returned 0x1130 [0242.822] GetCurrentThreadId () returned 0x1130 [0242.822] GetCurrentThreadId () returned 0x1130 [0242.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="er=N^\"r3\"ObU6pR&6uU$seC^fM^/-^s7.+<\"lk", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0242.822] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="er=N^\"r3\"ObU6pR&6uU$seC^fM^/-^s7.+<\"lk", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0242.823] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="er=N^\"r3\"ObU6pR&6uU$seC^fM^/-^s7.+<\"lk", cchWideChar=38, lpMultiByteStr=0x2525040, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="er=N^\"r3\"ObU6pR&6uU$seC^fM^/-^s7.+<\"lkP_gBO%©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 38 [0242.823] GetCurrentThreadId () returned 0x1130 [0242.823] GetCurrentThreadId () returned 0x1130 [0242.823] GetCurrentThreadId () returned 0x1130 [0242.823] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.823] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [470].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [470].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.823] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [470].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [470].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [470].WANNACASH NCOV v310320") returned 0xc1 [0242.824] GetLastError () returned 0x5 [0242.824] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.824] LocalFree (hMem=0x950bf0) returned 0x0 [0242.824] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.824] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.824] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.825] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.825] CloseHandle (hObject=0x404) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.825] SetLastError (dwErrCode=0x0) [0242.825] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x89 [0242.825] GetLastError () returned 0x0 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.825] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.825] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.826] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.826] GetLastError () returned 0x5 [0242.826] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.photos_16.511.8780.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.826] SetLastError (dwErrCode=0x5) [0242.826] GetLastError () returned 0x5 [0242.826] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.826] LocalFree (hMem=0x9509e0) returned 0x0 [0242.826] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.827] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.827] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.829] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33773560819) returned 1 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_>7f7D8z4O%}rm{.Wg-№rGXr@,v", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_>7f7D8z4O%}rm{.Wg-№rGXr@,v", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.830] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_>7f7D8z4O%}rm{.Wg-№rGXr@,v", cchWideChar=27, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="_>7f7D8z4O%}rm{.Wg-â\x84\x96rGXr@,vnW5o5F+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 29 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] GetCurrentThreadId () returned 0x1130 [0242.830] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.830] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [471].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [471].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.830] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [471].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [471].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [471].WANNACASH NCOV v310320") returned 0xc9 [0242.830] GetLastError () returned 0x5 [0242.830] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.830] LocalFree (hMem=0x950d10) returned 0x0 [0242.830] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.830] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.831] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.831] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.831] CloseHandle (hObject=0x404) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.832] SetLastError (dwErrCode=0x0) [0242.832] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x91 [0242.832] GetLastError () returned 0x0 [0242.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.833] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy")) returned 0x10 [0242.833] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.833] GetLastError () returned 0x5 [0242.833] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.sechealthui_10.0.15063.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.833] SetLastError (dwErrCode=0x5) [0242.833] GetLastError () returned 0x5 [0242.833] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.833] LocalFree (hMem=0x950b30) returned 0x0 [0242.833] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.834] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.834] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.secondarytileexperience_10.0.0.0_neutral__cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.836] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33774215351) returned 1 [0242.836] GetCurrentThreadId () returned 0x1130 [0242.836] GetCurrentThreadId () returned 0x1130 [0242.836] GetCurrentThreadId () returned 0x1130 [0242.836] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CD№m\"8xI}BsQ5Vj;Pb8eU`=1s3Uqo3SpTCax|E№#{iaB(lasJ}", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0242.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="56,e5jiA=k2wu@+OaLu\".>s3Uqo3SpTCax|E№#{iaB(lasJ}", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0242.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="56,e5jiA=k2wu@+OaLu\".>s3Uqo3SpTCax|E№#{iaB(lasJ}", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="56,e5jiA=k2wu@+OaLu\".>s3Uqo3SpTCax|Eâ\x84\x96#{iaB(lasJ}^R", lpUsedDefaultChar=0x0) returned 50 [0242.858] GetCurrentThreadId () returned 0x1130 [0242.858] GetCurrentThreadId () returned 0x1130 [0242.858] GetCurrentThreadId () returned 0x1130 [0242.858] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsalarms_10.1702.333.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.859] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [476].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsalarms_10.1702.333.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [476].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.859] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [476].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [476].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [476].WANNACASH NCOV v310320") returned 0xc0 [0242.859] GetLastError () returned 0x5 [0242.859] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.859] LocalFree (hMem=0x9508c0) returned 0x0 [0242.859] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.859] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.859] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.860] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.860] CloseHandle (hObject=0x404) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.860] SetLastError (dwErrCode=0x0) [0242.860] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x88 [0242.860] GetLastError () returned 0x0 [0242.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.861] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.861] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsalarms_10.1702.333.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.861] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsalarms_10.1702.333.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.861] GetLastError () returned 0x5 [0242.861] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsalarms_10.1702.333.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.861] SetLastError (dwErrCode=0x5) [0242.861] GetLastError () returned 0x5 [0242.861] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.861] LocalFree (hMem=0x950dd0) returned 0x0 [0242.861] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.862] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.862] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.864] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33776996810) returned 1 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BzX<;)vuygcTla\"so3:-blC2fh$Rb:5Oy1;U2aN>z", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0242.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BzX<;)vuygcTla\"so3:-blC2fh$Rb:5Oy1;U2aN>z", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0242.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="BzX<;)vuygcTla\"so3:-blC2fh$Rb:5Oy1;U2aN>z", cchWideChar=41, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BzX<;)vuygcTla\"so3:-blC2fh$Rb:5Oy1;U2aN>z$JpqPR\x02\x01", lpUsedDefaultChar=0x0) returned 41 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] GetCurrentThreadId () returned 0x1130 [0242.864] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.864] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [477].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [477].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.865] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [477].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [477].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [477].WANNACASH NCOV v310320") returned 0xc4 [0242.865] GetLastError () returned 0x5 [0242.865] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.865] LocalFree (hMem=0x9509e0) returned 0x0 [0242.865] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.865] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.865] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.866] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.866] CloseHandle (hObject=0x404) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.866] SetLastError (dwErrCode=0x0) [0242.866] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8c [0242.866] GetLastError () returned 0x0 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.866] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.867] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.867] GetLastError () returned 0x5 [0242.867] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscalculator_10.1702.312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.867] SetLastError (dwErrCode=0x5) [0242.867] GetLastError () returned 0x5 [0242.867] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ஐ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.867] LocalFree (hMem=0x950b90) returned 0x0 [0242.867] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.868] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.868] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.870] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33777657749) returned 1 [0242.870] GetCurrentThreadId () returned 0x1130 [0242.871] GetCurrentThreadId () returned 0x1130 [0242.871] GetCurrentThreadId () returned 0x1130 [0242.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="obwJd@exx:2L5lfynG+a.VFgz&#d+T3w:Ga", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="obwJd@exx:2L5lfynG+a.VFgz&#d+T3w:Ga", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0242.871] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="obwJd@exx:2L5lfynG+a.VFgz&#d+T3w:Ga", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="obwJd@exx:2L5lfynG+a.VFgz&#d+T3w:Ga+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 35 [0242.871] GetCurrentThreadId () returned 0x1130 [0242.871] GetCurrentThreadId () returned 0x1130 [0242.871] GetCurrentThreadId () returned 0x1130 [0242.871] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.871] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [478].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [478].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.871] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [478].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [478].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [478].WANNACASH NCOV v310320") returned 0xc0 [0242.871] GetLastError () returned 0x5 [0242.871] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.871] LocalFree (hMem=0x9508c0) returned 0x0 [0242.871] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.871] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.872] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.873] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.873] CloseHandle (hObject=0x404) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.873] SetLastError (dwErrCode=0x0) [0242.873] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x88 [0242.873] GetLastError () returned 0x0 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.873] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.874] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.874] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.874] GetLastError () returned 0x5 [0242.874] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscamera_2017.125.40.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.874] SetLastError (dwErrCode=0x5) [0242.874] GetLastError () returned 0x5 [0242.874] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="௰\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.874] LocalFree (hMem=0x950bf0) returned 0x0 [0242.874] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.875] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.875] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.875] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33778149014) returned 1 [0242.875] GetCurrentThreadId () returned 0x1130 [0242.875] GetCurrentThreadId () returned 0x1130 [0242.875] GetCurrentThreadId () returned 0x1130 [0242.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@h,GY(q!S=UBi%>YM#dzYskrX>{/B", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@h,GY(q!S=UBi%>YM#dzYskrX>{/B", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0242.876] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@h,GY(q!S=UBi%>YM#dzYskrX>{/B", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@h,GY(q!S=UBi%>YM#dzYskrX>{/BT3w:Ga+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 29 [0242.876] GetCurrentThreadId () returned 0x1130 [0242.876] GetCurrentThreadId () returned 0x1130 [0242.876] GetCurrentThreadId () returned 0x1130 [0242.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.876] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [479].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [479].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.876] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [479].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [479].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [479].WANNACASH NCOV v310320") returned 0xce [0242.876] GetLastError () returned 0x5 [0242.876] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.876] LocalFree (hMem=0x9509e0) returned 0x0 [0242.876] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.876] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.877] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.877] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.877] CloseHandle (hObject=0x404) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.878] SetLastError (dwErrCode=0x0) [0242.878] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x96 [0242.878] GetLastError () returned 0x0 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.878] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.878] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.879] GetLastError () returned 0x5 [0242.879] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.879] SetLastError (dwErrCode=0x5) [0242.879] GetLastError () returned 0x5 [0242.879] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.879] LocalFree (hMem=0x9508c0) returned 0x0 [0242.879] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.879] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.880] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.881] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33778730312) returned 1 [0242.881] GetCurrentThreadId () returned 0x1130 [0242.881] GetCurrentThreadId () returned 0x1130 [0242.881] GetCurrentThreadId () returned 0x1130 [0242.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=";@6YI~=(({}Fp!m+#{zi\"5WU:VTdn&S*mW", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0242.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=";@6YI~=(({}Fp!m+#{zi\"5WU:VTdn&S*mW", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0242.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=";@6YI~=(({}Fp!m+#{zi\"5WU:VTdn&S*mW", cchWideChar=34, lpMultiByteStr=0x250f7b8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=";@6YI~=(({}Fp!m+#{zi\"5WU:VTdn&S*mWa+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 34 [0242.881] GetCurrentThreadId () returned 0x1130 [0242.881] GetCurrentThreadId () returned 0x1130 [0242.882] GetCurrentThreadId () returned 0x1130 [0242.882] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.882] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [480].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [480].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.882] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [480].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [480].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [480].WANNACASH NCOV v310320") returned 0xc6 [0242.882] GetLastError () returned 0x5 [0242.882] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ॐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.882] LocalFree (hMem=0x950950) returned 0x0 [0242.882] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.882] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.882] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.883] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.883] CloseHandle (hObject=0x404) returned 1 [0242.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.883] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.884] SetLastError (dwErrCode=0x0) [0242.884] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8e [0242.884] GetLastError () returned 0x0 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.884] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.884] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.884] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.884] GetLastError () returned 0x5 [0242.884] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsfeedbackhub_1.1612.10312.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.885] SetLastError (dwErrCode=0x5) [0242.885] GetLastError () returned 0x5 [0242.885] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.885] LocalFree (hMem=0x950c50) returned 0x0 [0242.885] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.885] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.886] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.921] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33782672739) returned 1 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WC|f(9.EzSuI:z=IHdlMxn;\\5EB/q\\*#r\"+(4+p", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0242.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WC|f(9.EzSuI:z=IHdlMxn;\\5EB/q\\*#r\"+(4+p", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0242.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="WC|f(9.EzSuI:z=IHdlMxn;\\5EB/q\\*#r\"+(4+p", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WC|f(9.EzSuI:z=IHdlMxn;\\5EB/q\\*#r\"+(4+p_gBO%©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 39 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] GetCurrentThreadId () returned 0x1130 [0242.921] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.921] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [481].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [481].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.922] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [481].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [481].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [481].WANNACASH NCOV v310320") returned 0xbf [0242.922] GetLastError () returned 0x5 [0242.922] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.922] LocalFree (hMem=0x950dd0) returned 0x0 [0242.922] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.922] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.922] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.923] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.923] CloseHandle (hObject=0x404) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.923] SetLastError (dwErrCode=0x0) [0242.923] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x87 [0242.923] GetLastError () returned 0x0 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.924] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.924] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.924] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.924] GetLastError () returned 0x5 [0242.924] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsmaps_5.1611.10393.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.924] SetLastError (dwErrCode=0x5) [0242.924] GetLastError () returned 0x5 [0242.924] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ැ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.924] LocalFree (hMem=0x950dd0) returned 0x0 [0242.924] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.925] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.925] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.WindowsPhone_10.1510.9010.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.windowsphone_10.1510.9010.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.927] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33783300761) returned 1 [0242.927] GetCurrentThreadId () returned 0x1130 [0242.927] GetCurrentThreadId () returned 0x1130 [0242.927] GetCurrentThreadId () returned 0x1130 [0242.927] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\1D*w$k^g^#bR#KWg\\?a{kr/CI4r9`M9PtH`c?Dbh:-EUev.Yd", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">.S4\"%Lkf&|k{as2oB>I4r9`M9PtH`c?Dbh:-EUev.Yd", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0242.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">.S4\"%Lkf&|k{as2oB>I4r9`M9PtH`c?Dbh:-EUev.Yd", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=">.S4\"%Lkf&|k{as2oB>I4r9`M9PtH`c?Dbh:-EUev.YdqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0242.948] GetCurrentThreadId () returned 0x1130 [0242.948] GetCurrentThreadId () returned 0x1130 [0242.948] GetCurrentThreadId () returned 0x1130 [0242.948] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.949] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [485].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [485].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.949] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [485].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [485].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [485].WANNACASH NCOV v310320") returned 0xba [0242.949] GetLastError () returned 0x5 [0242.949] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ࣀ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.949] LocalFree (hMem=0x9508c0) returned 0x0 [0242.949] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.949] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.949] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.950] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.950] CloseHandle (hObject=0x404) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.950] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.950] SetLastError (dwErrCode=0x0) [0242.950] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x82 [0242.950] GetLastError () returned 0x0 [0242.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.951] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.951] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.951] GetLastError () returned 0x5 [0242.951] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxapp_25.25.13009.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.951] SetLastError (dwErrCode=0x5) [0242.951] GetLastError () returned 0x5 [0242.951] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.951] LocalFree (hMem=0x9509e0) returned 0x0 [0242.951] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.952] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.952] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.954] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33786013387) returned 1 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&mr;Iijvwixdm\"rM%v~iRx49c8W", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0242.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&mr;Iijvwixdm\"rM%v~iRx49c8W", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0242.954] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&mr;Iijvwixdm\"rM%v~iRx49c8W", cchWideChar=27, lpMultiByteStr=0x2508420, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&mr;Iijvwixdm\"rM%v~iRx49c8W", lpUsedDefaultChar=0x0) returned 27 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] GetCurrentThreadId () returned 0x1130 [0242.954] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.955] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [486].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [486].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.955] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [486].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [486].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [486].WANNACASH NCOV v310320") returned 0xd1 [0242.955] GetLastError () returned 0x5 [0242.955] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="౐\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㬨ɏᰁI") returned 0x13 [0242.955] LocalFree (hMem=0x950c50) returned 0x0 [0242.955] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.955] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.955] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.956] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.956] CloseHandle (hObject=0x404) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.956] SetLastError (dwErrCode=0x0) [0242.956] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x99 [0242.956] GetLastError () returned 0x0 [0242.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=8) returned 1 [0242.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat", cchCount2=4) returned 1 [0242.957] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy")) returned 0x10 [0242.957] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0 [0242.957] GetLastError () returned 0x5 [0242.957] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgamecallableui_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\\activationstore.dat")) returned 0x20 [0242.957] SetLastError (dwErrCode=0x5) [0242.957] GetLastError () returned 0x5 [0242.957] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.957] LocalFree (hMem=0x9509e0) returned 0x0 [0242.957] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.958] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.958] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.959] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33786557174) returned 1 [0242.959] GetCurrentThreadId () returned 0x1130 [0242.960] GetCurrentThreadId () returned 0x1130 [0242.960] GetCurrentThreadId () returned 0x1130 [0242.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HF`7,fHt)d~kC89\\6ttrpUvO*y№69>1``1lV", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0242.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HF`7,fHt)d~kC89\\6ttrpUvO*y№69>1``1lV", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0242.960] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HF`7,fHt)d~kC89\\6ttrpUvO*y№69>1``1lV", cchWideChar=36, lpMultiByteStr=0x2525040, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HF`7,fHt)d~kC89\\6ttrpUvO*yâ\x84\x9669>1``1lV_)WgO%©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 38 [0242.960] GetCurrentThreadId () returned 0x1130 [0242.960] GetCurrentThreadId () returned 0x1130 [0242.960] GetCurrentThreadId () returned 0x1130 [0242.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.960] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [487].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [487].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.960] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [487].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [487].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [487].WANNACASH NCOV v310320") returned 0xc0 [0242.960] GetLastError () returned 0x5 [0242.960] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ะ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.960] LocalFree (hMem=0x950e30) returned 0x0 [0242.960] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.960] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.961] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.961] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.961] CloseHandle (hObject=0x404) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.962] SetLastError (dwErrCode=0x0) [0242.962] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x88 [0242.962] GetLastError () returned 0x0 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.962] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.962] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.962] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.962] GetLastError () returned 0x5 [0242.962] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxgameoverlay_1.15.2003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.963] SetLastError (dwErrCode=0x5) [0242.963] GetLastError () returned 0x5 [0242.963] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ର\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.963] LocalFree (hMem=0x950b30) returned 0x0 [0242.963] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.963] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.964] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.966] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33787248739) returned 1 [0242.966] GetCurrentThreadId () returned 0x1130 [0242.966] GetCurrentThreadId () returned 0x1130 [0242.966] GetCurrentThreadId () returned 0x1130 [0242.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8b^@,y9~\\w:|H^\"C>nXJ}B/nWhL1nh~.R", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8b^@,y9~\\w:|H^\"C>nXJ}B/nWhL1nh~.R", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0242.967] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8b^@,y9~\\w:|H^\"C>nXJ}B/nWhL1nh~.R", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8b^@,y9~\\w:|H^\"C>nXJ}B/nWhL1nh~.RWa+\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 33 [0242.967] GetCurrentThreadId () returned 0x1130 [0242.967] GetCurrentThreadId () returned 0x1130 [0242.967] GetCurrentThreadId () returned 0x1130 [0242.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.967] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [488].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [488].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.967] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [488].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [488].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [488].WANNACASH NCOV v310320") returned 0xc7 [0242.967] GetLastError () returned 0x5 [0242.967] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="฀\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭰ɏᰁI") returned 0x13 [0242.967] LocalFree (hMem=0x950e00) returned 0x0 [0242.967] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.967] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.968] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.968] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.968] CloseHandle (hObject=0x404) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.969] SetLastError (dwErrCode=0x0) [0242.969] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x8f [0242.969] GetLastError () returned 0x0 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.969] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.969] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.969] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.970] GetLastError () returned 0x5 [0242.970] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.970] SetLastError (dwErrCode=0x5) [0242.970] GetLastError () returned 0x5 [0242.970] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ੰ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.970] LocalFree (hMem=0x950a70) returned 0x0 [0242.970] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.971] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.971] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.985] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33789086127) returned 1 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u.UTn5O*\\y#uCK_y~h/<.fF?(3bX-nRU\"kNJ№N$Qz\\?u-.F-", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0242.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u.UTn5O*\\y#uCK_y~h/<.fF?(3bX-nRU\"kNJ№N$Qz\\?u-.F-", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0242.985] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u.UTn5O*\\y#uCK_y~h/<.fF?(3bX-nRU\"kNJ№N$Qz\\?u-.F-", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="u.UTn5O*\\y#uCK_y~h/<.fF?(3bX-nRU\"kNJâ\x84\x96N$Qz\\?u-.F-~R", lpUsedDefaultChar=0x0) returned 50 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] GetCurrentThreadId () returned 0x1130 [0242.985] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\activationstore.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0242.985] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [489].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [489].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0242.986] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [489].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9c4, lpFilePart=0x19f9c0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\Файл зашифрован. Пиши. Почта clubnika@elude.in [489].WANNACASH NCOV v310320", lpFilePart=0x19f9c0*="Файл зашифрован. Пиши. Почта clubnika@elude.in [489].WANNACASH NCOV v310320") returned 0xc8 [0242.986] GetLastError () returned 0x5 [0242.986] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19fbd4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ഐ\x95ﰜ\x19念Kﰬ\x19您Kﰜ\x19ﲸ\x19㭘ɏᰁI") returned 0x13 [0242.986] LocalFree (hMem=0x950d10) returned 0x0 [0242.986] LoadStringW (in: hInstance=0x400000, uID=0xff8e, lpBuffer=0x19db90, cchBufferMax=4096 | out: lpBuffer="Cannot create file \"%s\". %s") returned 0x1b [0242.986] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fbc4) [0242.986] RtlUnwind (TargetFrame=0x19fc2c, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.987] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19efe0, ReturnValue=0x0) [0242.987] CloseHandle (hObject=0x404) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.987] SetLastError (dwErrCode=0x0) [0242.987] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", nBufferLength=0x104, lpBuffer=0x19e45c, lpFilePart=0x19e458 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", lpFilePart=0x19e458*="ActivationStore.dat") returned 0x90 [0242.987] GetLastError () returned 0x0 [0242.987] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=8) returned 1 [0242.988] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat", cchCount2=4) returned 1 [0242.988] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe")) returned 0x10 [0242.988] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0 [0242.988] GetLastError () returned 0x5 [0242.988] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.xboxspeechtotextoverlay_1.14.2002.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.988] SetLastError (dwErrCode=0x5) [0242.988] GetLastError () returned 0x5 [0242.988] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x19e6b4, nSize=0x0, Arguments=0x0 | out: lpBuffer="ৠ\x95\x19充O\x19兯O\x19\x19") returned 0x13 [0242.988] LocalFree (hMem=0x9509e0) returned 0x0 [0242.988] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19e6a4) [0242.989] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19dac0, ReturnValue=0x0) [0242.989] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\\ActivationStore.dat" (normalized: "c:\\users\\all users\\microsoft\\windows\\apprepository\\packages\\microsoft.zunemusic_10.16112.11621.0_x64__8wekyb3d8bbwe\\activationstore.dat")) returned 0x20 [0242.990] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33789663359) returned 1 [0242.991] GetCurrentThreadId () returned 0x1130 [0242.991] GetCurrentThreadId () returned 0x1130 [0242.991] GetCurrentThreadId () returned 0x1130 [0242.991] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^^4\\t@lAeP", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0243.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0243.166] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP", lpUsedDefaultChar=0x0) returned 40 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.166] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.166] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] malloc (_Size=0x64) returned 0x1d1338 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] GetCurrentThreadId () returned 0x1130 [0243.167] free (_Block=0x1d1338) [0243.167] malloc (_Size=0x60) returned 0x1d1338 [0243.168] free (_Block=0x1d1338) [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc97 [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc97 [0243.168] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.168] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc97, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc97, lpOverlapped=0x0) returned 1 [0243.208] malloc (_Size=0x8c) returned 0x1d1338 [0243.209] malloc (_Size=0xfc) returned 0x31d74c8 [0243.209] malloc (_Size=0x40) returned 0x1d14e8 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.209] malloc (_Size=0x40) returned 0x1d7470 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.209] GetCurrentThreadId () returned 0x1130 [0243.210] GetCurrentThreadId () returned 0x1130 [0243.210] GetCurrentThreadId () returned 0x1130 [0243.210] GetCurrentThreadId () returned 0x1130 [0243.210] GetCurrentThreadId () returned 0x1130 [0243.210] malloc (_Size=0xc) returned 0x31e1e20 [0243.210] malloc (_Size=0x720) returned 0x31d2860 [0243.210] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.210] free (_Block=0x31d2860) [0243.210] malloc (_Size=0x15ac) returned 0x1da8f0 [0243.211] free (_Block=0x1d9aa8) [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] free (_Block=0x31e40b0) [0243.211] free (_Block=0x1d14e8) [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.211] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] GetCurrentThreadId () returned 0x1130 [0243.212] free (_Block=0x1da8f0) [0243.212] free (_Block=0x31e1e20) [0243.212] free (_Block=0x1d7470) [0243.213] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1130, lpOverlapped=0x0) returned 1 [0243.214] free (_Block=0x31d74c8) [0243.215] free (_Block=0x1d1338) [0243.215] CloseHandle (hObject=0x2b4) returned 1 [0243.215] CloseHandle (hObject=0x404) returned 1 [0243.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.216] SetLastError (dwErrCode=0x0) [0243.216] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", lpFilePart=0x19f9f8*="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml") returned 0x62 [0243.216] GetLastError () returned 0x0 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.216] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.216] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml")) returned 1 [0243.218] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0xb9)) [0243.218] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.218] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.218] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.218] CloseHandle (hObject=0x404) returned 1 [0243.218] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml]omgp:[EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP]", cchWideChar=94, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 94 [0243.218] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml]omgp:[EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP]", cchWideChar=94, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 94 [0243.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml]omgp:[EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP]", cchWideChar=94, lpMultiByteStr=0x24203a8, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml]omgp:[EMMfyBd\"+zt9mioxM@_p!_@s4-D,X+l@>\\t@lAeP]", lpUsedDefaultChar=0x0) returned 94 [0243.230] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.230] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA=") returned 172 [0243.230] GetCurrentThreadId () returned 0x1130 [0243.230] GetCurrentThreadId () returned 0x1130 [0243.230] GetCurrentThreadId () returned 0x1130 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.230] SetLastError (dwErrCode=0x0) [0243.230] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320") returned 0x85 [0243.230] GetLastError () returned 0x0 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.230] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.230] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.231] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].wannacash ncov v310320")) returned 0x20 [0243.231] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [503].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.231] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.231] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.231] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1130 [0243.231] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.231] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.231] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.232] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.232] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3") returned 197 [0243.232] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.232] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3") returned 197 [0243.232] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1130 [0243.232] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.232] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YtO0hXrKiKV+v0Y0z3S6JuU30wOnCC+q9LXyecWfqRKz11qqlmtsXl8CGhlB050atXR9Swayjmr9JytNkFuSAyZr4enaWPbZIzQ8AmzlE0aVnynVqQUeadonmgrR+XwNlAYomieJS/95YhzZB0JWO14YSVI0QYaP5L8E3yjZQoA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.232] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.232] CloseHandle (hObject=0x404) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.233] SetLastError (dwErrCode=0x0) [0243.233] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", lpFilePart=0x19fa34*="03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml") returned 0x62 [0243.233] GetLastError () returned 0x0 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=8) returned 1 [0243.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml", cchCount2=4) returned 1 [0243.233] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.233] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml")) returned 0 [0243.233] GetLastError () returned 0x2 [0243.233] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml")) returned 0xffffffff [0243.234] SetLastError (dwErrCode=0x2) [0243.234] GetLastError () returned 0x2 [0243.234] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.234] LocalFree (hMem=0x92fe20) returned 0x0 [0243.234] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.234] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.234] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml")) returned 0x20 [0243.234] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33814064470) returned 1 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0243.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0243.235] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa", lpUsedDefaultChar=0x0) returned 32 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.235] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.235] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.235] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] malloc (_Size=0x64) returned 0x1d1338 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] GetCurrentThreadId () returned 0x1130 [0243.236] free (_Block=0x1d1338) [0243.236] malloc (_Size=0x60) returned 0x1d1338 [0243.237] free (_Block=0x1d1338) [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc81 [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc81 [0243.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.237] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc81, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc81, lpOverlapped=0x0) returned 1 [0243.288] malloc (_Size=0x8c) returned 0x1d1338 [0243.289] malloc (_Size=0xfc) returned 0x31d73c0 [0243.289] malloc (_Size=0x40) returned 0x1d14e8 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.289] malloc (_Size=0x40) returned 0x1d7470 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.289] GetCurrentThreadId () returned 0x1130 [0243.290] GetCurrentThreadId () returned 0x1130 [0243.290] GetCurrentThreadId () returned 0x1130 [0243.290] GetCurrentThreadId () returned 0x1130 [0243.290] GetCurrentThreadId () returned 0x1130 [0243.290] GetCurrentThreadId () returned 0x1130 [0243.290] malloc (_Size=0xc) returned 0x31e1d18 [0243.290] malloc (_Size=0x720) returned 0x31d2860 [0243.290] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.290] free (_Block=0x31d2860) [0243.290] malloc (_Size=0x15ac) returned 0x1da8f0 [0243.291] free (_Block=0x1d9aa8) [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] free (_Block=0x31e40b0) [0243.291] free (_Block=0x1d14e8) [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.291] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.292] GetCurrentThreadId () returned 0x1130 [0243.293] GetCurrentThreadId () returned 0x1130 [0243.293] GetCurrentThreadId () returned 0x1130 [0243.293] GetCurrentThreadId () returned 0x1130 [0243.293] GetCurrentThreadId () returned 0x1130 [0243.293] GetCurrentThreadId () returned 0x1130 [0243.293] free (_Block=0x1da8f0) [0243.294] free (_Block=0x31e1d18) [0243.294] free (_Block=0x1d7470) [0243.294] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x111c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x111c, lpOverlapped=0x0) returned 1 [0243.295] free (_Block=0x31d73c0) [0243.295] free (_Block=0x1d1338) [0243.295] CloseHandle (hObject=0x2b4) returned 1 [0243.296] CloseHandle (hObject=0x404) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.296] SetLastError (dwErrCode=0x0) [0243.296] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", lpFilePart=0x19f9f8*="0890ad2f-b74f-c384-f684-9c33f8f67924.xml") returned 0x62 [0243.296] GetLastError () returned 0x0 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.297] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.297] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.297] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml")) returned 1 [0243.298] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x107)) [0243.298] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.298] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.298] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.309] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.309] CloseHandle (hObject=0x404) returned 1 [0243.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0890ad2f-b74f-c384-f684-9c33f8f67924.xml]omgp:[Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa]", cchWideChar=86, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 86 [0243.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0890ad2f-b74f-c384-f684-9c33f8f67924.xml]omgp:[Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa]", cchWideChar=86, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 86 [0243.309] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0890ad2f-b74f-c384-f684-9c33f8f67924.xml]omgp:[Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa]", cchWideChar=86, lpMultiByteStr=0x253b0b0, cbMultiByte=86, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0890ad2f-b74f-c384-f684-9c33f8f67924.xml]omgp:[Gn?P>U%pS/lPQX^MOWgq$\"9ivtRw:UHa]", lpUsedDefaultChar=0x0) returned 86 [0243.317] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.317] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0=") returned 172 [0243.317] GetCurrentThreadId () returned 0x1130 [0243.317] GetCurrentThreadId () returned 0x1130 [0243.317] GetCurrentThreadId () returned 0x1130 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.318] SetLastError (dwErrCode=0x0) [0243.318] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320") returned 0x85 [0243.318] GetLastError () returned 0x0 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.318] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.318] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].wannacash ncov v310320")) returned 0x20 [0243.318] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [504].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.318] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x111c [0243.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.319] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3") returned 197 [0243.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3") returned 197 [0243.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x111c [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sAbSI5Ozea81CSV3uJ9B6iqBjsPx1AHa/5XQtmrmQ3sm5PwaHgjYQSxf15V0+Fm4nrKI1HOrryYpVqHRani9179W9M4hmvGk4fvtiJ6wPgE1DthOaVx8e63kjB2wEB5gRkotX9PpRGPWSmRG0NoKcfZ8LuxNe8nkYedkEX67IB0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.319] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.320] CloseHandle (hObject=0x404) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.320] SetLastError (dwErrCode=0x0) [0243.320] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", lpFilePart=0x19fa34*="0890ad2f-b74f-c384-f684-9c33f8f67924.xml") returned 0x62 [0243.320] GetLastError () returned 0x0 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=8) returned 1 [0243.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml", cchCount2=4) returned 1 [0243.320] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.320] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml")) returned 0 [0243.320] GetLastError () returned 0x2 [0243.320] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0890ad2f-b74f-c384-f684-9c33f8f67924.xml")) returned 0xffffffff [0243.321] SetLastError (dwErrCode=0x2) [0243.321] GetLastError () returned 0x2 [0243.321] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.321] LocalFree (hMem=0x92fe20) returned 0x0 [0243.321] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.321] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.321] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml")) returned 0x20 [0243.321] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33822745069) returned 1 [0243.321] GetCurrentThreadId () returned 0x1130 [0243.321] GetCurrentThreadId () returned 0x1130 [0243.321] GetCurrentThreadId () returned 0x1130 [0243.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0243.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0243.322] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc", lpUsedDefaultChar=0x0) returned 29 [0243.322] GetCurrentThreadId () returned 0x1130 [0243.322] GetCurrentThreadId () returned 0x1130 [0243.322] GetCurrentThreadId () returned 0x1130 [0243.322] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.322] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.326] GetCurrentThreadId () returned 0x1130 [0243.326] GetCurrentThreadId () returned 0x1130 [0243.326] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] malloc (_Size=0x64) returned 0x1d1338 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] GetCurrentThreadId () returned 0x1130 [0243.327] free (_Block=0x1d1338) [0243.327] malloc (_Size=0x60) returned 0x1d1338 [0243.327] free (_Block=0x1d1338) [0243.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xaea [0243.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.328] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.328] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xaea [0243.328] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.328] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xaea, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xaea, lpOverlapped=0x0) returned 1 [0243.329] malloc (_Size=0x8c) returned 0x1d1338 [0243.330] malloc (_Size=0xfc) returned 0x31d71b0 [0243.330] malloc (_Size=0x40) returned 0x1d14e8 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.330] malloc (_Size=0x40) returned 0x1d7470 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] GetCurrentThreadId () returned 0x1130 [0243.330] malloc (_Size=0xc) returned 0x31e1ca0 [0243.330] malloc (_Size=0x720) returned 0x31d2860 [0243.330] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.331] free (_Block=0x31d2860) [0243.331] malloc (_Size=0x13a4) returned 0x1da8f0 [0243.331] free (_Block=0x1d9aa8) [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.331] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] free (_Block=0x31e40b0) [0243.332] free (_Block=0x1d14e8) [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] GetCurrentThreadId () returned 0x1130 [0243.332] free (_Block=0x1da8f0) [0243.333] free (_Block=0x31e1ca0) [0243.333] free (_Block=0x1d7470) [0243.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xee7, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xee7, lpOverlapped=0x0) returned 1 [0243.352] free (_Block=0x31d71b0) [0243.352] free (_Block=0x1d1338) [0243.352] CloseHandle (hObject=0x2b4) returned 1 [0243.353] CloseHandle (hObject=0x404) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.353] SetLastError (dwErrCode=0x0) [0243.353] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", lpFilePart=0x19f9f8*="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml") returned 0x62 [0243.353] GetLastError () returned 0x0 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.353] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.353] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml")) returned 1 [0243.355] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x145)) [0243.355] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.355] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.355] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.356] CloseHandle (hObject=0x404) returned 1 [0243.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[08961e67-fd90-a888-a0c1-ffdc19a3386f.xml]omgp:[\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0243.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[08961e67-fd90-a888-a0c1-ffdc19a3386f.xml]omgp:[\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0243.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[08961e67-fd90-a888-a0c1-ffdc19a3386f.xml]omgp:[\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc]", cchWideChar=83, lpMultiByteStr=0x251e0e8, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[08961e67-fd90-a888-a0c1-ffdc19a3386f.xml]omgp:[\"&Q=;4)v3Mvu%PlRWmuI~w+q=!wYc]", lpUsedDefaultChar=0x0) returned 83 [0243.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8=") returned 172 [0243.362] GetCurrentThreadId () returned 0x1130 [0243.362] GetCurrentThreadId () returned 0x1130 [0243.362] GetCurrentThreadId () returned 0x1130 [0243.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.363] SetLastError (dwErrCode=0x0) [0243.363] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320") returned 0x85 [0243.363] GetLastError () returned 0x0 [0243.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.363] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.363] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].wannacash ncov v310320")) returned 0x20 [0243.363] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [505].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xee7 [0243.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.363] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.364] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.364] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3") returned 197 [0243.364] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.364] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3") returned 197 [0243.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xee7 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9e0KstNOJmnEThIBjwkpjfWwsgtmaXwSrQqc279MJPy78pbdhKOJXv3KITsm4sGUho6KH5dTTMM5uEISGuXOYnNjrNrwTm9lj/cuO0JEocMe4wO1epmLTsaOu2ChLpkOYuwdED32fXaIqpg+NGNQup5XKV1D+6I8H2Sb371/Ky8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.364] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.364] CloseHandle (hObject=0x404) returned 1 [0243.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.365] SetLastError (dwErrCode=0x0) [0243.365] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", lpFilePart=0x19fa34*="08961e67-fd90-a888-a0c1-ffdc19a3386f.xml") returned 0x62 [0243.365] GetLastError () returned 0x0 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=8) returned 1 [0243.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml", cchCount2=4) returned 1 [0243.365] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.365] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml")) returned 0 [0243.365] GetLastError () returned 0x2 [0243.365] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\08961e67-fd90-a888-a0c1-ffdc19a3386f.xml")) returned 0xffffffff [0243.365] SetLastError (dwErrCode=0x2) [0243.365] GetLastError () returned 0x2 [0243.365] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.365] LocalFree (hMem=0x92fe20) returned 0x0 [0243.365] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.366] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.366] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml")) returned 0x20 [0243.366] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33827208576) returned 1 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&xDpQQ<;U", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0243.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&xDpQQ<;U", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0243.366] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&xDpQQ<;U", cchWideChar=26, lpMultiByteStr=0x2508f38, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&xDpQQ<;U\x01", lpUsedDefaultChar=0x0) returned 28 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] GetCurrentThreadId () returned 0x1130 [0243.366] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.366] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] malloc (_Size=0x64) returned 0x1d1338 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] GetCurrentThreadId () returned 0x1130 [0243.367] free (_Block=0x1d1338) [0243.368] malloc (_Size=0x60) returned 0x1d1338 [0243.368] free (_Block=0x1d1338) [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa46 [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa46 [0243.368] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.368] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa46, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa46, lpOverlapped=0x0) returned 1 [0243.371] malloc (_Size=0x8c) returned 0x1d1338 [0243.371] malloc (_Size=0xfc) returned 0x31d75d0 [0243.372] malloc (_Size=0x40) returned 0x1d14e8 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.372] malloc (_Size=0x40) returned 0x1d7470 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] GetCurrentThreadId () returned 0x1130 [0243.372] malloc (_Size=0xc) returned 0x31e1ca0 [0243.373] malloc (_Size=0x720) returned 0x31d2860 [0243.373] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.373] free (_Block=0x31d2860) [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.373] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] free (_Block=0x31e40b0) [0243.374] free (_Block=0x1d14e8) [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] GetCurrentThreadId () returned 0x1130 [0243.374] free (_Block=0x1d9aa8) [0243.374] free (_Block=0x31e1ca0) [0243.374] free (_Block=0x1d7470) [0243.374] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe10, lpOverlapped=0x0) returned 1 [0243.375] free (_Block=0x31d75d0) [0243.375] free (_Block=0x1d1338) [0243.375] CloseHandle (hObject=0x2b4) returned 1 [0243.376] CloseHandle (hObject=0x404) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.376] SetLastError (dwErrCode=0x0) [0243.376] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", lpFilePart=0x19f9f8*="0a8c1492-65ca-6a01-de25-0e183559d10d.xml") returned 0x62 [0243.376] GetLastError () returned 0x0 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.376] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.376] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml")) returned 1 [0243.378] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x155)) [0243.378] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.378] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.378] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.378] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.378] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.378] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.378] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.378] CloseHandle (hObject=0x404) returned 1 [0243.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0a8c1492-65ca-6a01-de25-0e183559d10d.xml]omgp:[&xDpQQ<;U]", cchWideChar=80, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0243.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0a8c1492-65ca-6a01-de25-0e183559d10d.xml]omgp:[&xDpQQ<;U]", cchWideChar=80, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0243.378] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0a8c1492-65ca-6a01-de25-0e183559d10d.xml]omgp:[&xDpQQ<;U]", cchWideChar=80, lpMultiByteStr=0x251e148, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0a8c1492-65ca-6a01-de25-0e183559d10d.xml]omgp:[&xDpQQ<;U]", lpUsedDefaultChar=0x0) returned 80 [0243.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.384] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs=") returned 172 [0243.384] GetCurrentThreadId () returned 0x1130 [0243.384] GetCurrentThreadId () returned 0x1130 [0243.384] GetCurrentThreadId () returned 0x1130 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.385] SetLastError (dwErrCode=0x0) [0243.385] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320") returned 0x85 [0243.385] GetLastError () returned 0x0 [0243.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.385] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.385] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].wannacash ncov v310320")) returned 0x20 [0243.385] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [506].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe10 [0243.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.385] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.386] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.386] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.395] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.395] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3") returned 197 [0243.395] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.395] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3") returned 197 [0243.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe10 [0243.395] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.395] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.395] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KjBn4G9bPSn4GtJLVKD+39n73M8orJhkN5S6Go0uzRapGqnCGHaeDo6DUW/eS50e3UhSrJsO+gnYmL2PBBshJgxWxfrCMTiFdk5pSM2aXgP8A504pEO8oz94kAmZdat8qpoNlwpmkaMl/fFCpG9dMJStpWii3UGjqQ4p1k5smRs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.396] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.396] CloseHandle (hObject=0x404) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.396] SetLastError (dwErrCode=0x0) [0243.396] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", lpFilePart=0x19fa34*="0a8c1492-65ca-6a01-de25-0e183559d10d.xml") returned 0x62 [0243.396] GetLastError () returned 0x0 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=8) returned 1 [0243.396] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml", cchCount2=4) returned 1 [0243.396] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.396] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml")) returned 0 [0243.397] GetLastError () returned 0x2 [0243.397] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0a8c1492-65ca-6a01-de25-0e183559d10d.xml")) returned 0xffffffff [0243.397] SetLastError (dwErrCode=0x2) [0243.397] GetLastError () returned 0x2 [0243.397] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.397] LocalFree (hMem=0x92fe20) returned 0x0 [0243.397] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.397] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.397] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\0cb4ef12-226b-0a51-6930-2dbfb63f3e7d.xml")) returned 0x20 [0243.397] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33830351884) returned 1 [0243.397] GetCurrentThreadId () returned 0x1130 [0243.397] GetCurrentThreadId () returned 0x1130 [0243.397] GetCurrentThreadId () returned 0x1130 [0243.398] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9O%375xp}8uH2sN/?r-XRfxadlE%E!5X", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0243.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nU7\"`$2№X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0243.459] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nU7\"`$2№X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nU7\"`$2â\x84\x96X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X", lpUsedDefaultChar=0x0) returned 42 [0243.459] GetCurrentThreadId () returned 0x1130 [0243.459] GetCurrentThreadId () returned 0x1130 [0243.459] GetCurrentThreadId () returned 0x1130 [0243.459] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.459] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] malloc (_Size=0x64) returned 0x1d1338 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] GetCurrentThreadId () returned 0x1130 [0243.461] free (_Block=0x1d1338) [0243.461] malloc (_Size=0x60) returned 0x1d1338 [0243.461] free (_Block=0x1d1338) [0243.461] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdd8 [0243.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdd8 [0243.462] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.462] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xdd8, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xdd8, lpOverlapped=0x0) returned 1 [0243.463] malloc (_Size=0x8c) returned 0x1d1338 [0243.464] malloc (_Size=0xfc) returned 0x31d77e0 [0243.464] malloc (_Size=0x40) returned 0x1d14e8 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.464] malloc (_Size=0x40) returned 0x1d7470 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.464] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] malloc (_Size=0xc) returned 0x31e1dc0 [0243.465] malloc (_Size=0x720) returned 0x31d2860 [0243.465] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.465] free (_Block=0x31d2860) [0243.465] malloc (_Size=0x15ac) returned 0x1da8f0 [0243.465] free (_Block=0x1d9aa8) [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] GetCurrentThreadId () returned 0x1130 [0243.465] free (_Block=0x31e40b0) [0243.465] free (_Block=0x1d14e8) [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] GetCurrentThreadId () returned 0x1130 [0243.466] free (_Block=0x1da8f0) [0243.466] free (_Block=0x31e1dc0) [0243.466] free (_Block=0x1d7470) [0243.466] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b75d8*, nNumberOfBytesToWrite=0x12e3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b75d8*, lpNumberOfBytesWritten=0x19fbbc*=0x12e3, lpOverlapped=0x0) returned 1 [0243.467] free (_Block=0x31d77e0) [0243.467] free (_Block=0x1d1338) [0243.467] CloseHandle (hObject=0x2b4) returned 1 [0243.467] CloseHandle (hObject=0x404) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.467] SetLastError (dwErrCode=0x0) [0243.467] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", lpFilePart=0x19f9f8*="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml") returned 0x62 [0243.467] GetLastError () returned 0x0 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.467] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.468] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml")) returned 1 [0243.469] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x1b3)) [0243.469] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.469] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.469] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.469] CloseHandle (hObject=0x404) returned 1 [0243.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1659a225-428e-84f0-ba52-5fb2b85d55b3.xml]omgp:[nU7\"`$2№X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X]", cchWideChar=94, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 94 [0243.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1659a225-428e-84f0-ba52-5fb2b85d55b3.xml]omgp:[nU7\"`$2№X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X]", cchWideChar=94, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 94 [0243.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1659a225-428e-84f0-ba52-5fb2b85d55b3.xml]omgp:[nU7\"`$2№X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X]", cchWideChar=94, lpMultiByteStr=0x24203a8, cbMultiByte=94, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[1659a225-428e-84f0-ba52-5fb2b85d55b3.xml]omgp:[nU7\"`$2?X,(SHe,uV;p>2sN/?r-XRfxadlE%E!5X]", lpUsedDefaultChar=0x0) returned 94 [0243.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.476] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs=") returned 172 [0243.476] GetCurrentThreadId () returned 0x1130 [0243.476] GetCurrentThreadId () returned 0x1130 [0243.476] GetCurrentThreadId () returned 0x1130 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.476] SetLastError (dwErrCode=0x0) [0243.476] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320") returned 0x85 [0243.476] GetLastError () returned 0x0 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.476] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.476] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].wannacash ncov v310320")) returned 0x20 [0243.477] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [509].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x12e3 [0243.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.477] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3") returned 197 [0243.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.477] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3") returned 197 [0243.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x12e3 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.477] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ARjhMYW+r3DKmg3TM3MW5phNHz0i/6xiGOkxtQUO12MA0HjvZnYtxQfJJESUeD9KRPPF6PGvnq28aiT6W4KeZ1CkqoBF+kV0Hz3UUx/zej8zlQ69Y59XF0/EFydyFCn5deT3RK4xAzeZ0xEvnBnXgiQFsqm/LtmRVCDVg9wmnjs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.477] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.478] CloseHandle (hObject=0x404) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.478] SetLastError (dwErrCode=0x0) [0243.478] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", lpFilePart=0x19fa34*="1659a225-428e-84f0-ba52-5fb2b85d55b3.xml") returned 0x62 [0243.478] GetLastError () returned 0x0 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=8) returned 1 [0243.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml", cchCount2=4) returned 1 [0243.478] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.478] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml")) returned 0 [0243.478] GetLastError () returned 0x2 [0243.478] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1659a225-428e-84f0-ba52-5fb2b85d55b3.xml")) returned 0xffffffff [0243.478] SetLastError (dwErrCode=0x2) [0243.478] GetLastError () returned 0x2 [0243.479] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.479] LocalFree (hMem=0x92fe20) returned 0x0 [0243.479] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.479] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.479] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml")) returned 0x20 [0243.479] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33838530438) returned 1 [0243.479] GetCurrentThreadId () returned 0x1130 [0243.479] GetCurrentThreadId () returned 0x1130 [0243.479] GetCurrentThreadId () returned 0x1130 [0243.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0243.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0243.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n", lpUsedDefaultChar=0x0) returned 29 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.480] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.480] GetCurrentThreadId () returned 0x1130 [0243.481] malloc (_Size=0x64) returned 0x1d1338 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] GetCurrentThreadId () returned 0x1130 [0243.481] free (_Block=0x1d1338) [0243.481] malloc (_Size=0x60) returned 0x1d1338 [0243.481] free (_Block=0x1d1338) [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc76 [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc76 [0243.481] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.481] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc76, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc76, lpOverlapped=0x0) returned 1 [0243.492] malloc (_Size=0x8c) returned 0x1d1338 [0243.492] malloc (_Size=0xfc) returned 0x31d73c0 [0243.492] malloc (_Size=0x40) returned 0x1d14e8 [0243.492] GetCurrentThreadId () returned 0x1130 [0243.492] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.493] malloc (_Size=0x40) returned 0x1d7470 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] GetCurrentThreadId () returned 0x1130 [0243.493] malloc (_Size=0xc) returned 0x31e1ca0 [0243.493] malloc (_Size=0x720) returned 0x31d2860 [0243.493] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.493] free (_Block=0x31d2860) [0243.493] malloc (_Size=0x15ac) returned 0x1da8f0 [0243.494] free (_Block=0x1d9aa8) [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] free (_Block=0x31e40b0) [0243.494] free (_Block=0x1d14e8) [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.494] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] GetCurrentThreadId () returned 0x1130 [0243.495] free (_Block=0x1da8f0) [0243.495] free (_Block=0x31e1ca0) [0243.495] free (_Block=0x1d7470) [0243.495] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1103, lpOverlapped=0x0) returned 1 [0243.497] free (_Block=0x31d73c0) [0243.497] free (_Block=0x1d1338) [0243.497] CloseHandle (hObject=0x2b4) returned 1 [0243.497] CloseHandle (hObject=0x404) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.497] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.497] SetLastError (dwErrCode=0x0) [0243.498] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", lpFilePart=0x19f9f8*="1dae14df-4c42-28af-691e-10cc07a990b4.xml") returned 0x62 [0243.498] GetLastError () returned 0x0 [0243.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.498] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.498] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml")) returned 1 [0243.499] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x1d2)) [0243.499] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.499] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.499] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.499] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.499] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.499] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.499] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.499] CloseHandle (hObject=0x404) returned 1 [0243.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1dae14df-4c42-28af-691e-10cc07a990b4.xml]omgp:[9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0243.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1dae14df-4c42-28af-691e-10cc07a990b4.xml]omgp:[9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0243.500] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1dae14df-4c42-28af-691e-10cc07a990b4.xml]omgp:[9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n]", cchWideChar=83, lpMultiByteStr=0x251e148, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[1dae14df-4c42-28af-691e-10cc07a990b4.xml]omgp:[9hi\\U,|(r,pLL9u!YcpZZweqAVJ+n]", lpUsedDefaultChar=0x0) returned 83 [0243.506] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.506] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w=") returned 172 [0243.506] GetCurrentThreadId () returned 0x1130 [0243.506] GetCurrentThreadId () returned 0x1130 [0243.506] GetCurrentThreadId () returned 0x1130 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.506] SetLastError (dwErrCode=0x0) [0243.506] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320") returned 0x85 [0243.506] GetLastError () returned 0x0 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.506] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.506] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].wannacash ncov v310320")) returned 0x20 [0243.506] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [510].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1103 [0243.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.507] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3") returned 197 [0243.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3") returned 197 [0243.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1103 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:477+sglJt0v0PFP9T4xfpytpQ5pF+QQqGOnvVIK5uf/d2VLeLmICIlsA1UV8tUfcJQX/Ekpud7G7yA1cs2I2vEhx/3nPBNP7pRY0M5XUOmpXmDZ/APgp1Qg/8AHfiyD1wEo72244/2KP4jeDglLzBoWH2ScPJabQk2I2M2/240w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.507] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.508] CloseHandle (hObject=0x404) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.508] SetLastError (dwErrCode=0x0) [0243.508] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", lpFilePart=0x19fa34*="1dae14df-4c42-28af-691e-10cc07a990b4.xml") returned 0x62 [0243.508] GetLastError () returned 0x0 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=8) returned 1 [0243.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml", cchCount2=4) returned 1 [0243.508] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.508] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml")) returned 0 [0243.508] GetLastError () returned 0x2 [0243.508] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1dae14df-4c42-28af-691e-10cc07a990b4.xml")) returned 0xffffffff [0243.508] SetLastError (dwErrCode=0x2) [0243.509] GetLastError () returned 0x2 [0243.509] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.509] LocalFree (hMem=0x92fe20) returned 0x0 [0243.509] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.509] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.509] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml")) returned 0x20 [0243.519] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33842561038) returned 1 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0243.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0243.520] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo", cchWideChar=44, lpMultiByteStr=0x2525040, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 44 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.520] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.520] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] malloc (_Size=0x64) returned 0x1d1338 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] GetCurrentThreadId () returned 0x1130 [0243.521] free (_Block=0x1d1338) [0243.521] malloc (_Size=0x60) returned 0x1d1338 [0243.521] free (_Block=0x1d1338) [0243.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa4a [0243.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.522] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa4a [0243.522] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.522] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa4a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa4a, lpOverlapped=0x0) returned 1 [0243.523] malloc (_Size=0x8c) returned 0x1d1338 [0243.523] malloc (_Size=0xfc) returned 0x31d72b8 [0243.523] malloc (_Size=0x40) returned 0x1d14e8 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.523] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.524] malloc (_Size=0x40) returned 0x1d7470 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] malloc (_Size=0xc) returned 0x31e1d18 [0243.524] malloc (_Size=0x720) returned 0x31d2860 [0243.524] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.524] free (_Block=0x31d2860) [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.524] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] free (_Block=0x31e40b0) [0243.525] free (_Block=0x1d14e8) [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] GetCurrentThreadId () returned 0x1130 [0243.525] free (_Block=0x1d9aa8) [0243.525] free (_Block=0x31e1d18) [0243.525] free (_Block=0x1d7470) [0243.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe10, lpOverlapped=0x0) returned 1 [0243.527] free (_Block=0x31d72b8) [0243.527] free (_Block=0x1d1338) [0243.527] CloseHandle (hObject=0x2b4) returned 1 [0243.527] CloseHandle (hObject=0x404) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.527] SetLastError (dwErrCode=0x0) [0243.528] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", lpFilePart=0x19f9f8*="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml") returned 0x62 [0243.528] GetLastError () returned 0x0 [0243.528] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.528] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.528] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.528] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.528] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.528] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml")) returned 1 [0243.529] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x1f1)) [0243.529] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.529] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.529] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.529] CloseHandle (hObject=0x404) returned 1 [0243.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml]omgp:[v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo]", cchWideChar=98, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 98 [0243.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml]omgp:[v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo]", cchWideChar=98, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 98 [0243.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml]omgp:[v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo]", cchWideChar=98, lpMultiByteStr=0x24203a8, cbMultiByte=98, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml]omgp:[v4y1#L1qp-1&)zADTt*:@QS{vLPVEkb1ZH/YN,7OaaEo]", lpUsedDefaultChar=0x0) returned 98 [0243.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA=") returned 172 [0243.536] GetCurrentThreadId () returned 0x1130 [0243.536] GetCurrentThreadId () returned 0x1130 [0243.536] GetCurrentThreadId () returned 0x1130 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.536] SetLastError (dwErrCode=0x0) [0243.536] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320") returned 0x85 [0243.536] GetLastError () returned 0x0 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.536] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.536] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].wannacash ncov v310320")) returned 0x20 [0243.536] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [511].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.537] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.537] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.537] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe10 [0243.537] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.537] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3") returned 197 [0243.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.537] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3") returned 197 [0243.537] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe10 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vMW1dTeD8d3kbGZoTzlZMDtuWtoe9mjIm+zYvy8M6C1opUI/5EmLTgshfw/Oaj+mXLOqM7n7K1dgxvkt2n9ywME8XBma+bh61c++JXPc1Mfwr/fN2t4bMMiyPzfw54agN998uC7TiysNCe+FFmOf/bVF3WLwmjVGsI7CNCyjwhA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.537] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.537] CloseHandle (hObject=0x404) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.538] SetLastError (dwErrCode=0x0) [0243.538] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", lpFilePart=0x19fa34*="1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml") returned 0x62 [0243.538] GetLastError () returned 0x0 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=8) returned 1 [0243.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml", cchCount2=4) returned 1 [0243.538] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.538] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml")) returned 0 [0243.538] GetLastError () returned 0x2 [0243.538] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml")) returned 0xffffffff [0243.538] SetLastError (dwErrCode=0x2) [0243.538] GetLastError () returned 0x2 [0243.538] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.538] LocalFree (hMem=0x92fe20) returned 0x0 [0243.538] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.539] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.539] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml")) returned 0x20 [0243.540] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33844576844) returned 1 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0243.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0243.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?", lpUsedDefaultChar=0x0) returned 39 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] GetCurrentThreadId () returned 0x1130 [0243.540] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.540] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] malloc (_Size=0x64) returned 0x1d1338 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] GetCurrentThreadId () returned 0x1130 [0243.541] free (_Block=0x1d1338) [0243.541] malloc (_Size=0x60) returned 0x1d1338 [0243.541] free (_Block=0x1d1338) [0243.541] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.541] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xade [0243.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xade [0243.542] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0243.542] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xade, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xade, lpOverlapped=0x0) returned 1 [0243.544] malloc (_Size=0x8c) returned 0x1d1338 [0243.544] malloc (_Size=0xfc) returned 0x31d72b8 [0243.544] malloc (_Size=0x40) returned 0x1d14e8 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.544] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] malloc (_Size=0xa5c) returned 0x31e40b0 [0243.545] malloc (_Size=0x40) returned 0x1d7470 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] malloc (_Size=0xc) returned 0x31e1dc0 [0243.545] malloc (_Size=0x720) returned 0x31d2860 [0243.545] malloc (_Size=0xe3c) returned 0x1d9aa8 [0243.545] free (_Block=0x31d2860) [0243.545] malloc (_Size=0x13a4) returned 0x1da8f0 [0243.545] free (_Block=0x1d9aa8) [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.545] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] free (_Block=0x31e40b0) [0243.546] free (_Block=0x1d14e8) [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] GetCurrentThreadId () returned 0x1130 [0243.546] free (_Block=0x1da8f0) [0243.547] free (_Block=0x31e1dc0) [0243.547] free (_Block=0x1d7470) [0243.547] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xed3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xed3, lpOverlapped=0x0) returned 1 [0243.548] free (_Block=0x31d72b8) [0243.548] free (_Block=0x1d1338) [0243.548] CloseHandle (hObject=0x2b4) returned 1 [0243.548] CloseHandle (hObject=0x404) returned 1 [0243.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.549] SetLastError (dwErrCode=0x0) [0243.549] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", lpFilePart=0x19f9f8*="215f9712-9fca-a3f8-5b11-660eefc73b96.xml") returned 0x62 [0243.549] GetLastError () returned 0x0 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.549] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.549] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml")) returned 1 [0243.550] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x13, wMilliseconds=0x201)) [0243.550] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0243.550] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.550] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0243.550] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.550] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0243.551] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0243.551] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0243.551] CloseHandle (hObject=0x404) returned 1 [0243.551] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[215f9712-9fca-a3f8-5b11-660eefc73b96.xml]omgp:[}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?]", cchWideChar=93, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0243.551] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[215f9712-9fca-a3f8-5b11-660eefc73b96.xml]omgp:[}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?]", cchWideChar=93, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0243.551] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[215f9712-9fca-a3f8-5b11-660eefc73b96.xml]omgp:[}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?]", cchWideChar=93, lpMultiByteStr=0x24203a8, cbMultiByte=93, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[215f9712-9fca-a3f8-5b11-660eefc73b96.xml]omgp:[}sk934)4wo;N^>gjmsc&v.;1TUi&x#h_+,tDcO?]aaEo]", lpUsedDefaultChar=0x0) returned 93 [0243.557] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0243.557] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc=") returned 172 [0243.557] GetCurrentThreadId () returned 0x1130 [0243.557] GetCurrentThreadId () returned 0x1130 [0243.557] GetCurrentThreadId () returned 0x1130 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.557] SetLastError (dwErrCode=0x0) [0243.557] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320") returned 0x85 [0243.557] GetLastError () returned 0x0 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0243.557] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0243.557] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.565] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].wannacash ncov v310320")) returned 0x20 [0243.566] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [512].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0243.566] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0243.566] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.566] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xed3 [0243.566] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0243.566] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0243.566] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.566] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.566] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.566] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.566] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.566] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3") returned 197 [0243.566] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0243.566] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3") returned 197 [0243.567] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xed3 [0243.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0243.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EtniN77YoJ5pCTmWrILOLZmCCCXwAXVG6Rg/5s2Q6ZEd06UnMCDgLNrg1cXYiNptX1Fzehpw0O1OEwO3RoA8SdYBtY/fsdo6455HdIXy4J6uK6V4ZZ8KPZghAdj0RZCdZHhm/4+8hlAOKny90KuePtLTQjKqFETjoORh7jrHEwc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0243.567] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0243.567] CloseHandle (hObject=0x404) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.567] SetLastError (dwErrCode=0x0) [0243.567] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", lpFilePart=0x19fa34*="215f9712-9fca-a3f8-5b11-660eefc73b96.xml") returned 0x62 [0243.567] GetLastError () returned 0x0 [0243.567] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=8) returned 1 [0243.568] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml", cchCount2=4) returned 1 [0243.568] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0243.568] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml")) returned 0 [0243.568] GetLastError () returned 0x2 [0243.568] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\215f9712-9fca-a3f8-5b11-660eefc73b96.xml")) returned 0xffffffff [0243.568] SetLastError (dwErrCode=0x2) [0243.568] GetLastError () returned 0x2 [0243.568] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0243.568] LocalFree (hMem=0x92fe20) returned 0x0 [0243.568] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0243.568] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0243.568] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\2657f7c0-8294-58c3-f394-15fe18ba174a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\2657f7c0-8294-58c3-f394-15fe18ba174a.xml")) returned 0x20 [0243.569] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33847483421) returned 1 [0243.569] GetCurrentThreadId () returned 0x1130 [0243.569] GetCurrentThreadId () returned 0x1130 [0243.569] GetCurrentThreadId () returned 0x1130 [0243.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№djpXa%C\\7}i.KU8Z)CILi(eKUpwmR(yDlOg*ODkgE|JP}YT", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0244.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">e!aNZ?_*Q!R\"kVc.J!R№Q`nUhC%t>R(yDlOg*ODkgE|JP}YT", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0244.556] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">e!aNZ?_*Q!R\"kVc.J!R№Q`nUhC%t>R(yDlOg*ODkgE|JP}YT", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=">e!aNZ?_*Q!R\"kVc.J!Râ\x84\x96Q`nUhC%t>R(yDlOg*ODkgE|JP}YT", lpUsedDefaultChar=0x0) returned 51 [0244.556] GetCurrentThreadId () returned 0x1130 [0244.556] GetCurrentThreadId () returned 0x1130 [0244.556] GetCurrentThreadId () returned 0x1130 [0244.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.556] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] malloc (_Size=0x64) returned 0x1d1338 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] GetCurrentThreadId () returned 0x1130 [0244.557] free (_Block=0x1d1338) [0244.558] malloc (_Size=0x60) returned 0x1d1338 [0244.568] free (_Block=0x1d1338) [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdcc [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdcc [0244.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.568] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xdcc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xdcc, lpOverlapped=0x0) returned 1 [0244.569] malloc (_Size=0x8c) returned 0x1d1338 [0244.569] malloc (_Size=0xfc) returned 0x31d73c0 [0244.569] malloc (_Size=0x40) returned 0x1d14e8 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] malloc (_Size=0xa5c) returned 0x31e40b0 [0244.570] malloc (_Size=0x40) returned 0x1d7470 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] GetCurrentThreadId () returned 0x1130 [0244.570] malloc (_Size=0xc) returned 0x31e1e38 [0244.571] malloc (_Size=0x720) returned 0x31d2860 [0244.571] malloc (_Size=0xe3c) returned 0x1d9aa8 [0244.571] free (_Block=0x31d2860) [0244.571] malloc (_Size=0x15ac) returned 0x1da8f0 [0244.571] free (_Block=0x1d9aa8) [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.571] GetCurrentThreadId () returned 0x1130 [0244.572] free (_Block=0x31e40b0) [0244.572] free (_Block=0x1d14e8) [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] GetCurrentThreadId () returned 0x1130 [0244.572] free (_Block=0x1da8f0) [0244.572] free (_Block=0x31e1e38) [0244.572] free (_Block=0x1d7470) [0244.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b75d8*, nNumberOfBytesToWrite=0x12ca, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b75d8*, lpNumberOfBytesWritten=0x19fbbc*=0x12ca, lpOverlapped=0x0) returned 1 [0244.574] free (_Block=0x31d73c0) [0244.574] free (_Block=0x1d1338) [0244.574] CloseHandle (hObject=0x2b4) returned 1 [0244.575] CloseHandle (hObject=0x404) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.575] SetLastError (dwErrCode=0x0) [0244.575] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", lpFilePart=0x19f9f8*="5f3c8956-0358-1f87-eb47-697e265d6aa9.xml") returned 0x62 [0244.575] GetLastError () returned 0x0 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.575] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.576] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml")) returned 1 [0244.576] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x14, wMilliseconds=0x220)) [0244.576] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0244.576] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.576] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0244.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0244.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.577] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0244.577] CloseHandle (hObject=0x404) returned 1 [0244.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[5f3c8956-0358-1f87-eb47-697e265d6aa9.xml]omgp:[>e!aNZ?_*Q!R\"kVc.J!R№Q`nUhC%t>R(yDlOg*ODkgE|JP}YT]", cchWideChar=103, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 103 [0244.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[5f3c8956-0358-1f87-eb47-697e265d6aa9.xml]omgp:[>e!aNZ?_*Q!R\"kVc.J!R№Q`nUhC%t>R(yDlOg*ODkgE|JP}YT]", cchWideChar=103, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 103 [0244.577] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[5f3c8956-0358-1f87-eb47-697e265d6aa9.xml]omgp:[>e!aNZ?_*Q!R\"kVc.J!R№Q`nUhC%t>R(yDlOg*ODkgE|JP}YT]", cchWideChar=103, lpMultiByteStr=0x2494888, cbMultiByte=103, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[5f3c8956-0358-1f87-eb47-697e265d6aa9.xml]omgp:[>e!aNZ?_*Q!R\"kVc.J!R?Q`nUhC%t>R(yDlOg*ODkgE|JP}YT]", lpUsedDefaultChar=0x0) returned 103 [0244.585] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0244.585] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU=") returned 172 [0244.585] GetCurrentThreadId () returned 0x1130 [0244.585] GetCurrentThreadId () returned 0x1130 [0244.585] GetCurrentThreadId () returned 0x1130 [0244.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.586] SetLastError (dwErrCode=0x0) [0244.586] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320") returned 0x85 [0244.586] GetLastError () returned 0x0 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.586] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.586] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].wannacash ncov v310320")) returned 0x20 [0244.586] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [536].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0244.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0244.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x12ca [0244.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0244.587] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0244.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.587] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.587] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0244.587] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3") returned 197 [0244.587] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0244.587] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3") returned 197 [0244.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x12ca [0244.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gDMgneTckGDEwF2/fXt9z7aotm9hMAe+JmO3uAaY/5gKxI1nwvrb6iz2gtj95tkT6Na87F8ueuqGqUmDmBOGV8IVshofPOxVeNbXIIak3yiIk+Cc960oAUaMzWG3jPOKJ2t6kuOh09E6azZhjHHXHqMc1k2fRxLhn1NkrIk6zgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.588] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0244.588] CloseHandle (hObject=0x404) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.588] SetLastError (dwErrCode=0x0) [0244.588] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", lpFilePart=0x19fa34*="5f3c8956-0358-1f87-eb47-697e265d6aa9.xml") returned 0x62 [0244.588] GetLastError () returned 0x0 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.588] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=8) returned 1 [0244.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml", cchCount2=4) returned 1 [0244.589] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.589] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml")) returned 0 [0244.590] GetLastError () returned 0x2 [0244.590] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\5f3c8956-0358-1f87-eb47-697e265d6aa9.xml")) returned 0xffffffff [0244.590] SetLastError (dwErrCode=0x2) [0244.590] GetLastError () returned 0x2 [0244.590] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0244.590] LocalFree (hMem=0x92fe20) returned 0x0 [0244.590] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0244.590] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0244.590] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\600364a7-e11c-efda-2c12-eac40e75f19a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\600364a7-e11c-efda-2c12-eac40e75f19a.xml")) returned 0x20 [0244.591] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33949681718) returned 1 [0244.591] GetCurrentThreadId () returned 0x1130 [0244.591] GetCurrentThreadId () returned 0x1130 [0244.591] GetCurrentThreadId () returned 0x1130 [0244.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="TZs38@.-_#^_7Wds8{\\W-rSW!oE\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0244.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0244.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL", lpUsedDefaultChar=0x0) returned 39 [0244.945] GetCurrentThreadId () returned 0x1130 [0244.945] GetCurrentThreadId () returned 0x1130 [0244.945] GetCurrentThreadId () returned 0x1130 [0244.945] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.945] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] malloc (_Size=0x64) returned 0x1d1338 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] GetCurrentThreadId () returned 0x1130 [0244.946] free (_Block=0x1d1338) [0244.946] malloc (_Size=0x60) returned 0x1d1338 [0244.946] free (_Block=0x1d1338) [0244.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7c [0244.947] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.947] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.947] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7c [0244.947] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.947] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc7c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc7c, lpOverlapped=0x0) returned 1 [0244.965] malloc (_Size=0x8c) returned 0x1d1338 [0244.965] malloc (_Size=0xfc) returned 0x31d78e8 [0244.965] malloc (_Size=0x40) returned 0x1d14e8 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] malloc (_Size=0xa5c) returned 0x31e40b0 [0244.965] malloc (_Size=0x40) returned 0x1d7470 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.965] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] malloc (_Size=0xc) returned 0x31e1dc0 [0244.966] malloc (_Size=0x720) returned 0x31d2860 [0244.966] malloc (_Size=0xe3c) returned 0x1d9aa8 [0244.966] free (_Block=0x31d2860) [0244.966] malloc (_Size=0x15ac) returned 0x1da8f0 [0244.966] free (_Block=0x1d9aa8) [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.966] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] free (_Block=0x31e40b0) [0244.967] free (_Block=0x1d14e8) [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] GetCurrentThreadId () returned 0x1130 [0244.967] free (_Block=0x1da8f0) [0244.968] free (_Block=0x31e1dc0) [0244.968] free (_Block=0x1d7470) [0244.968] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1103, lpOverlapped=0x0) returned 1 [0244.969] free (_Block=0x31d78e8) [0244.969] free (_Block=0x1d1338) [0244.969] CloseHandle (hObject=0x2b4) returned 1 [0244.969] CloseHandle (hObject=0x404) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.970] SetLastError (dwErrCode=0x0) [0244.970] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", lpFilePart=0x19f9f8*="7646fa0f-b52c-71a8-3aed-950dd1668c09.xml") returned 0x62 [0244.970] GetLastError () returned 0x0 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.970] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.970] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml")) returned 1 [0244.971] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x14, wMilliseconds=0x3a7)) [0244.971] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0244.971] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0244.972] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.972] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0244.972] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.972] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0244.972] CloseHandle (hObject=0x404) returned 1 [0244.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7646fa0f-b52c-71a8-3aed-950dd1668c09.xml]omgp:[6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL]", cchWideChar=93, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0244.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7646fa0f-b52c-71a8-3aed-950dd1668c09.xml]omgp:[6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL]", cchWideChar=93, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0244.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7646fa0f-b52c-71a8-3aed-950dd1668c09.xml]omgp:[6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL]", cchWideChar=93, lpMultiByteStr=0x24203a8, cbMultiByte=93, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[7646fa0f-b52c-71a8-3aed-950dd1668c09.xml]omgp:[6>\"In\\fgxCt*LaX#+7gSu&(zSo7RgFEn$b>2~AL]", lpUsedDefaultChar=0x0) returned 93 [0244.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0244.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0=") returned 172 [0244.978] GetCurrentThreadId () returned 0x1130 [0244.978] GetCurrentThreadId () returned 0x1130 [0244.978] GetCurrentThreadId () returned 0x1130 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.978] SetLastError (dwErrCode=0x0) [0244.978] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320") returned 0x85 [0244.978] GetLastError () returned 0x0 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.978] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0244.979] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0244.979] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.979] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].wannacash ncov v310320")) returned 0x20 [0244.979] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [544].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.979] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0244.979] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0244.979] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1103 [0244.979] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0244.979] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0244.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.980] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0244.980] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3") returned 197 [0244.980] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0244.980] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3") returned 197 [0244.980] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1103 [0244.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0244.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pDSQCrh2mNwpW48c//LnJ5UA7p3Q3BidQM338B4d8MG5wmejea/s1Cl7Sy3ODuKtPex2PfxPvOoHsV3G1EhF+CrbCPXdlyovGa3ouV2nUcBHdQ3xLysfP8igjpAP7Ag4uoeDp/GI2P5KS37sBMtFz9nMf9Ujzrde9/txjk1xom0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0244.980] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0244.980] CloseHandle (hObject=0x404) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.981] SetLastError (dwErrCode=0x0) [0244.981] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", lpFilePart=0x19fa34*="7646fa0f-b52c-71a8-3aed-950dd1668c09.xml") returned 0x62 [0244.981] GetLastError () returned 0x0 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=8) returned 1 [0244.981] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml", cchCount2=4) returned 1 [0244.981] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.981] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml")) returned 0 [0244.981] GetLastError () returned 0x2 [0244.981] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml")) returned 0xffffffff [0244.981] SetLastError (dwErrCode=0x2) [0244.981] GetLastError () returned 0x2 [0244.981] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0244.981] LocalFree (hMem=0x92fe20) returned 0x0 [0244.981] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0244.982] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0244.982] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml")) returned 0x20 [0244.982] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33988809198) returned 1 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0244.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0244.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5", lpUsedDefaultChar=0x0) returned 49 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] GetCurrentThreadId () returned 0x1130 [0244.982] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.982] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] malloc (_Size=0x64) returned 0x1d1338 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.983] GetCurrentThreadId () returned 0x1130 [0244.984] free (_Block=0x1d1338) [0244.984] malloc (_Size=0x60) returned 0x1d1338 [0244.984] free (_Block=0x1d1338) [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa64 [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa64 [0244.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0244.984] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa64, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa64, lpOverlapped=0x0) returned 1 [0244.988] malloc (_Size=0x8c) returned 0x1d1338 [0244.988] malloc (_Size=0xfc) returned 0x31d76d8 [0244.988] malloc (_Size=0x40) returned 0x1d14e8 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] malloc (_Size=0xa5c) returned 0x31e40b0 [0244.988] malloc (_Size=0x40) returned 0x1d7470 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.988] GetCurrentThreadId () returned 0x1130 [0244.989] malloc (_Size=0xc) returned 0x31e1ca0 [0244.989] malloc (_Size=0x720) returned 0x31d2860 [0244.989] malloc (_Size=0xe3c) returned 0x1d9aa8 [0244.989] free (_Block=0x31d2860) [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.989] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] free (_Block=0x31e40b0) [0244.990] free (_Block=0x1d14e8) [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] GetCurrentThreadId () returned 0x1130 [0244.990] free (_Block=0x1d9aa8) [0244.990] free (_Block=0x31e1ca0) [0244.990] free (_Block=0x1d7470) [0244.990] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe38, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe38, lpOverlapped=0x0) returned 1 [0244.991] free (_Block=0x31d76d8) [0244.991] free (_Block=0x1d1338) [0244.991] CloseHandle (hObject=0x2b4) returned 1 [0244.992] CloseHandle (hObject=0x404) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0244.992] SetLastError (dwErrCode=0x0) [0244.992] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", lpFilePart=0x19f9f8*="8292682a-6850-c06c-9b6d-9646f16d4ed0.xml") returned 0x62 [0244.992] GetLastError () returned 0x0 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0244.992] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0244.992] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0244.992] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml")) returned 1 [0244.993] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x14, wMilliseconds=0x3b6)) [0244.993] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0244.993] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0244.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0244.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0244.994] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0244.994] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0244.994] CloseHandle (hObject=0x404) returned 1 [0244.994] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8292682a-6850-c06c-9b6d-9646f16d4ed0.xml]omgp:[{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5]", cchWideChar=103, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 103 [0244.994] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8292682a-6850-c06c-9b6d-9646f16d4ed0.xml]omgp:[{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5]", cchWideChar=103, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 103 [0244.994] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8292682a-6850-c06c-9b6d-9646f16d4ed0.xml]omgp:[{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5]", cchWideChar=103, lpMultiByteStr=0x2494888, cbMultiByte=103, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[8292682a-6850-c06c-9b6d-9646f16d4ed0.xml]omgp:[{\\t^Wj=F%jRsD+\\4ZP+f!S-cy,raQyf7o.:2H8lIyr\\DeR~U5]", lpUsedDefaultChar=0x0) returned 103 [0245.000] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.000] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4=") returned 172 [0245.001] GetCurrentThreadId () returned 0x1130 [0245.001] GetCurrentThreadId () returned 0x1130 [0245.001] GetCurrentThreadId () returned 0x1130 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.001] SetLastError (dwErrCode=0x0) [0245.001] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320") returned 0x85 [0245.001] GetLastError () returned 0x0 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.001] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.001] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.001] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].wannacash ncov v310320")) returned 0x20 [0245.001] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [545].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.002] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.002] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.002] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe38 [0245.002] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.002] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.002] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.002] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3") returned 197 [0245.002] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.002] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3") returned 197 [0245.002] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe38 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.002] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b/86ym+BF3991lM4OKADlqnLv9SeHo6YCro8Env++Hhe7B70xG2USuFrpaBAFSg0cqT/AGR9VaWijVvE98/yhao/F5050PozK8/qX9ODaWrcc/S1HstkF8gPSrTHdhtOOWrlgF1fOoq+q+mSj35P17OylAHH7Ym8dBFqoMbrOD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.003] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.003] CloseHandle (hObject=0x404) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0245.003] SetLastError (dwErrCode=0x0) [0245.003] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", lpFilePart=0x19fa34*="8292682a-6850-c06c-9b6d-9646f16d4ed0.xml") returned 0x62 [0245.003] GetLastError () returned 0x0 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=8) returned 1 [0245.003] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml", cchCount2=4) returned 1 [0245.003] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.003] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml")) returned 0 [0245.004] GetLastError () returned 0x2 [0245.004] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml")) returned 0xffffffff [0245.004] SetLastError (dwErrCode=0x2) [0245.004] GetLastError () returned 0x2 [0245.004] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.004] LocalFree (hMem=0x92fe20) returned 0x0 [0245.004] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.004] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.004] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml")) returned 0x20 [0245.004] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33991061841) returned 1 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0245.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0245.005] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(f>r\"x)z#nMcPIâ\x84\x96D&p$!uY>wb9f?X", lpUsedDefaultChar=0x0) returned 31 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.005] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.005] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] malloc (_Size=0x64) returned 0x1d1338 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] GetCurrentThreadId () returned 0x1130 [0245.006] free (_Block=0x1d1338) [0245.006] malloc (_Size=0x60) returned 0x1d1338 [0245.006] free (_Block=0x1d1338) [0245.006] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.006] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb00 [0245.006] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.006] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.006] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb00 [0245.007] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.007] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xb00, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xb00, lpOverlapped=0x0) returned 1 [0245.038] malloc (_Size=0x8c) returned 0x1d1338 [0245.038] malloc (_Size=0xfc) returned 0x31d71b0 [0245.038] malloc (_Size=0x40) returned 0x1d14e8 [0245.038] GetCurrentThreadId () returned 0x1130 [0245.038] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.039] malloc (_Size=0x40) returned 0x1d7470 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] GetCurrentThreadId () returned 0x1130 [0245.039] malloc (_Size=0xc) returned 0x31e1eb0 [0245.039] malloc (_Size=0x720) returned 0x31d2860 [0245.039] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.039] free (_Block=0x31d2860) [0245.040] malloc (_Size=0x13fc) returned 0x1da8f0 [0245.040] free (_Block=0x1d9aa8) [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] free (_Block=0x31e40b0) [0245.040] free (_Block=0x1d14e8) [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.040] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] GetCurrentThreadId () returned 0x1130 [0245.041] free (_Block=0x1da8f0) [0245.041] free (_Block=0x31e1eb0) [0245.041] free (_Block=0x1d7470) [0245.041] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xf14, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xf14, lpOverlapped=0x0) returned 1 [0245.042] free (_Block=0x31d71b0) [0245.042] free (_Block=0x1d1338) [0245.042] CloseHandle (hObject=0x2b4) returned 1 [0245.043] CloseHandle (hObject=0x404) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.043] SetLastError (dwErrCode=0x0) [0245.043] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", lpFilePart=0x19f9f8*="865e8f30-20a1-9528-bb48-42999b5b2aa8.xml") returned 0x62 [0245.043] GetLastError () returned 0x0 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.043] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.043] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.044] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml")) returned 1 [0245.044] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0xd)) [0245.044] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.044] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.044] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.044] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.045] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.045] CloseHandle (hObject=0x404) returned 1 [0245.045] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[865e8f30-20a1-9528-bb48-42999b5b2aa8.xml]omgp:[(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0245.045] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[865e8f30-20a1-9528-bb48-42999b5b2aa8.xml]omgp:[(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0245.045] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[865e8f30-20a1-9528-bb48-42999b5b2aa8.xml]omgp:[(f>r\"x)z#nMcPI№D&p$!uY>wb9f?X]", cchWideChar=83, lpMultiByteStr=0x251e148, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[865e8f30-20a1-9528-bb48-42999b5b2aa8.xml]omgp:[(f>r\"x)z#nMcPI?D&p$!uY>wb9f?X]", lpUsedDefaultChar=0x0) returned 83 [0245.052] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.052] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg=") returned 172 [0245.052] GetCurrentThreadId () returned 0x1130 [0245.052] GetCurrentThreadId () returned 0x1130 [0245.052] GetCurrentThreadId () returned 0x1130 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.052] SetLastError (dwErrCode=0x0) [0245.052] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320") returned 0x85 [0245.052] GetLastError () returned 0x0 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.052] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.052] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].wannacash ncov v310320")) returned 0x20 [0245.052] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [546].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xf14 [0245.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.053] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3") returned 197 [0245.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3") returned 197 [0245.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xf14 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:LZTKfKAy4wn7+gpW+Rk5U9IwUDthpT38u4SUbeA0iobkuz0K1EEiThtLD6RVWGCEfQDPiP/aSY4XcrpS5fJ2wMk6uPG4e5xl+JwYHCikBf7nrbu6QyD+dQ/A0Si7n04bycKh946f7g3FadZRiV7PRS21Gh0qfV9A5972KjiV/xg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.053] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.054] CloseHandle (hObject=0x404) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.054] SetLastError (dwErrCode=0x0) [0245.054] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", lpFilePart=0x19fa34*="865e8f30-20a1-9528-bb48-42999b5b2aa8.xml") returned 0x62 [0245.054] GetLastError () returned 0x0 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=8) returned 1 [0245.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml", cchCount2=4) returned 1 [0245.054] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.055] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml")) returned 0 [0245.055] GetLastError () returned 0x2 [0245.055] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml")) returned 0xffffffff [0245.055] SetLastError (dwErrCode=0x2) [0245.055] GetLastError () returned 0x2 [0245.055] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.055] LocalFree (hMem=0x92fe20) returned 0x0 [0245.055] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.056] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.056] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml")) returned 0x20 [0245.057] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=33996282473) returned 1 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0245.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0245.057] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s", cchWideChar=43, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="?!8N~flU5Jn7#F\"â\x84\x96Vkpvb.,-S(RR``vwnI=6mdo-n~s", lpUsedDefaultChar=0x0) returned 45 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] GetCurrentThreadId () returned 0x1130 [0245.057] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.057] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.058] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] malloc (_Size=0x64) returned 0x1d1338 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] GetCurrentThreadId () returned 0x1130 [0245.059] free (_Block=0x1d1338) [0245.059] malloc (_Size=0x60) returned 0x1d1338 [0245.059] free (_Block=0x1d1338) [0245.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xadf [0245.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.060] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.060] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xadf [0245.060] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.060] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xadf, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xadf, lpOverlapped=0x0) returned 1 [0245.063] malloc (_Size=0x8c) returned 0x1d1338 [0245.063] malloc (_Size=0xfc) returned 0x31d77e0 [0245.063] malloc (_Size=0x40) returned 0x1d14e8 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.063] malloc (_Size=0x40) returned 0x1d7470 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.063] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] malloc (_Size=0xc) returned 0x31e1ca0 [0245.064] malloc (_Size=0x720) returned 0x31d2860 [0245.064] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.064] free (_Block=0x31d2860) [0245.064] malloc (_Size=0x13a4) returned 0x1da8f0 [0245.064] free (_Block=0x1d9aa8) [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.064] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] free (_Block=0x31e40b0) [0245.065] free (_Block=0x1d14e8) [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.065] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] GetCurrentThreadId () returned 0x1130 [0245.066] free (_Block=0x1da8f0) [0245.066] free (_Block=0x31e1ca0) [0245.066] free (_Block=0x1d7470) [0245.066] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xed3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xed3, lpOverlapped=0x0) returned 1 [0245.068] free (_Block=0x31d77e0) [0245.068] free (_Block=0x1d1338) [0245.068] CloseHandle (hObject=0x2b4) returned 1 [0245.068] CloseHandle (hObject=0x404) returned 1 [0245.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.069] SetLastError (dwErrCode=0x0) [0245.069] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", lpFilePart=0x19f9f8*="8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml") returned 0x62 [0245.069] GetLastError () returned 0x0 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.069] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.069] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml")) returned 1 [0245.071] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0x1c)) [0245.071] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.071] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.071] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.071] CloseHandle (hObject=0x404) returned 1 [0245.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml]omgp:[?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s]", cchWideChar=97, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 97 [0245.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml]omgp:[?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s]", cchWideChar=97, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 97 [0245.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml]omgp:[?!8N~flU5Jn7#F\"№Vkpvb.,-S(RR``vwnI=6mdo-n~s]", cchWideChar=97, lpMultiByteStr=0x24203a8, cbMultiByte=97, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml]omgp:[?!8N~flU5Jn7#F\"?Vkpvb.,-S(RR``vwnI=6mdo-n~s]", lpUsedDefaultChar=0x0) returned 97 [0245.115] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.115] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY=") returned 172 [0245.115] GetCurrentThreadId () returned 0x1130 [0245.115] GetCurrentThreadId () returned 0x1130 [0245.116] GetCurrentThreadId () returned 0x1130 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.116] SetLastError (dwErrCode=0x0) [0245.116] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320") returned 0x85 [0245.116] GetLastError () returned 0x0 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.116] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.116] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.116] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].wannacash ncov v310320")) returned 0x20 [0245.117] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [547].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xed3 [0245.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.117] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.117] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.118] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3") returned 197 [0245.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.118] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3") returned 197 [0245.118] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xed3 [0245.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.118] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CgeIpJSPE05Qru0my+DVnuj2MiXV33JlIdZkO+4ROllBw9NtDEN7jg8sEEX/NjCTQ1vOSRGH2MKTe4qxxtvCJXW0KbsO1C/Vg5b9jh1HhXq8acJ/gg0OrZkrdFAioJf24kMNonsiFnNS6e2pLiQ7GcQuq9uqyl+nMM/XF0H5hkY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.118] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.118] CloseHandle (hObject=0x404) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.119] SetLastError (dwErrCode=0x0) [0245.119] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", lpFilePart=0x19fa34*="8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml") returned 0x62 [0245.119] GetLastError () returned 0x0 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=8) returned 1 [0245.119] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml", cchCount2=4) returned 1 [0245.119] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.119] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml")) returned 0 [0245.119] GetLastError () returned 0x2 [0245.119] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml")) returned 0xffffffff [0245.120] SetLastError (dwErrCode=0x2) [0245.120] GetLastError () returned 0x2 [0245.120] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.120] LocalFree (hMem=0x92fe20) returned 0x0 [0245.120] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.121] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.121] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml")) returned 0x20 [0245.121] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34002719625) returned 1 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0245.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0245.121] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=52, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C<-â\x84\x96M3fA$aHNcDy7\"X3EzMNYTSr@Vaâ\x84\x96DS&v*n\"^/xay>iB:T", lpUsedDefaultChar=0x0) returned 52 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] GetCurrentThreadId () returned 0x1130 [0245.121] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.122] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.122] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] malloc (_Size=0x64) returned 0x1d1338 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] GetCurrentThreadId () returned 0x1130 [0245.123] free (_Block=0x1d1338) [0245.123] malloc (_Size=0x60) returned 0x1d1338 [0245.123] free (_Block=0x1d1338) [0245.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa6d [0245.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa6d [0245.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.124] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa6d, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa6d, lpOverlapped=0x0) returned 1 [0245.126] malloc (_Size=0x8c) returned 0x1d1338 [0245.126] malloc (_Size=0xfc) returned 0x31d75d0 [0245.126] malloc (_Size=0x40) returned 0x1d14e8 [0245.126] GetCurrentThreadId () returned 0x1130 [0245.126] GetCurrentThreadId () returned 0x1130 [0245.126] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] GetCurrentThreadId () returned 0x1130 [0245.127] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.127] malloc (_Size=0x40) returned 0x1d7470 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] malloc (_Size=0xc) returned 0x31e1e20 [0245.128] malloc (_Size=0x720) returned 0x31d2860 [0245.128] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.128] free (_Block=0x31d2860) [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.128] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] free (_Block=0x31e40b0) [0245.129] free (_Block=0x1d14e8) [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.129] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] GetCurrentThreadId () returned 0x1130 [0245.130] free (_Block=0x1d9aa8) [0245.130] free (_Block=0x31e1e20) [0245.130] free (_Block=0x1d7470) [0245.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe38, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe38, lpOverlapped=0x0) returned 1 [0245.131] free (_Block=0x31d75d0) [0245.132] free (_Block=0x1d1338) [0245.132] CloseHandle (hObject=0x2b4) returned 1 [0245.132] CloseHandle (hObject=0x404) returned 1 [0245.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.133] SetLastError (dwErrCode=0x0) [0245.133] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", lpFilePart=0x19f9f8*="8d56e57b-8663-136d-ff69-a004e217825a.xml") returned 0x62 [0245.133] GetLastError () returned 0x0 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.133] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.133] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml")) returned 1 [0245.151] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0x6a)) [0245.151] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.151] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.191] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.191] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.191] CloseHandle (hObject=0x404) returned 1 [0245.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8d56e57b-8663-136d-ff69-a004e217825a.xml]omgp:[C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T]", cchWideChar=102, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 102 [0245.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8d56e57b-8663-136d-ff69-a004e217825a.xml]omgp:[C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T]", cchWideChar=102, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 102 [0245.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8d56e57b-8663-136d-ff69-a004e217825a.xml]omgp:[C<-№M3fA$aHNcDy7\"X3EzMNYTSr@Va№DS&v*n\"^/xay>iB:T]", cchWideChar=102, lpMultiByteStr=0x2494888, cbMultiByte=102, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[8d56e57b-8663-136d-ff69-a004e217825a.xml]omgp:[C<-?M3fA$aHNcDy7\"X3EzMNYTSr@Va?DS&v*n\"^/xay>iB:T]", lpUsedDefaultChar=0x0) returned 102 [0245.198] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.198] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM=") returned 172 [0245.198] GetCurrentThreadId () returned 0x1130 [0245.198] GetCurrentThreadId () returned 0x1130 [0245.198] GetCurrentThreadId () returned 0x1130 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.198] SetLastError (dwErrCode=0x0) [0245.198] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320") returned 0x85 [0245.198] GetLastError () returned 0x0 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.198] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.199] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.199] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.199] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].wannacash ncov v310320")) returned 0x20 [0245.199] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [548].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.199] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.199] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.199] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe38 [0245.199] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.199] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.200] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.200] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3") returned 197 [0245.200] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.200] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3") returned 197 [0245.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe38 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.200] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DPpNefUMkjm6Op4oHkiRQHSULuaPzSd8izN+FnsEBo0+/s1SCg1qjys/VsVOzwON4tEWc+DweHHV6rHjNyTjXqodemQiYTHG7gzSR5E6AMRvX9ZbkFft/qHmHcPEUsqPu+J/K9R+9H7/mPCZN1xoZqmbErwJ+9SkEvQeKyklUYM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.201] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.201] CloseHandle (hObject=0x404) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.201] SetLastError (dwErrCode=0x0) [0245.201] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", lpFilePart=0x19fa34*="8d56e57b-8663-136d-ff69-a004e217825a.xml") returned 0x62 [0245.201] GetLastError () returned 0x0 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=8) returned 1 [0245.201] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml", cchCount2=4) returned 1 [0245.202] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.202] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml")) returned 0 [0245.202] GetLastError () returned 0x2 [0245.202] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8d56e57b-8663-136d-ff69-a004e217825a.xml")) returned 0xffffffff [0245.202] SetLastError (dwErrCode=0x2) [0245.202] GetLastError () returned 0x2 [0245.202] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.202] LocalFree (hMem=0x92fe20) returned 0x0 [0245.202] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.202] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.203] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml")) returned 0x20 [0245.203] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34010889478) returned 1 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P\\HmfV~rvTaj)9Vsh-%;iE=|-", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0245.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P\\HmfV~rvTaj)9Vsh-%;iE=|-", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0245.203] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P\\HmfV~rvTaj)9Vsh-%;iE=|-", cchWideChar=25, lpMultiByteStr=0x2508f10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="P\\HmfV~rvTaj)9Vsh-%;iE=|-", lpUsedDefaultChar=0x0) returned 25 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] GetCurrentThreadId () returned 0x1130 [0245.203] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.203] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] malloc (_Size=0x64) returned 0x1d1338 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.204] GetCurrentThreadId () returned 0x1130 [0245.205] GetCurrentThreadId () returned 0x1130 [0245.205] free (_Block=0x1d1338) [0245.205] malloc (_Size=0x60) returned 0x1d1338 [0245.205] free (_Block=0x1d1338) [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa67 [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa67 [0245.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.205] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa67, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa67, lpOverlapped=0x0) returned 1 [0245.207] malloc (_Size=0x8c) returned 0x1d1338 [0245.207] malloc (_Size=0xfc) returned 0x31d7c00 [0245.207] malloc (_Size=0x40) returned 0x1d14e8 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.207] malloc (_Size=0x40) returned 0x1d7470 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.207] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] malloc (_Size=0xc) returned 0x31e1e68 [0245.208] malloc (_Size=0x720) returned 0x31d2860 [0245.208] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.208] free (_Block=0x31d2860) [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.208] GetCurrentThreadId () returned 0x1130 [0245.209] free (_Block=0x31e40b0) [0245.209] free (_Block=0x1d14e8) [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] GetCurrentThreadId () returned 0x1130 [0245.209] free (_Block=0x1d9aa8) [0245.209] free (_Block=0x31e1e68) [0245.209] free (_Block=0x1d7470) [0245.209] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe38, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe38, lpOverlapped=0x0) returned 1 [0245.210] free (_Block=0x31d7c00) [0245.210] free (_Block=0x1d1338) [0245.211] CloseHandle (hObject=0x2b4) returned 1 [0245.211] CloseHandle (hObject=0x404) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.211] SetLastError (dwErrCode=0x0) [0245.211] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", lpFilePart=0x19f9f8*="8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml") returned 0x62 [0245.211] GetLastError () returned 0x0 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.211] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.212] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.212] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.212] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.212] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml")) returned 1 [0245.213] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0xa9)) [0245.213] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.213] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.213] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.213] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.213] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.213] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.213] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.213] CloseHandle (hObject=0x404) returned 1 [0245.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml]omgp:[P\\HmfV~rvTaj)9Vsh-%;iE=|-]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0245.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml]omgp:[P\\HmfV~rvTaj)9Vsh-%;iE=|-]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0245.214] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml]omgp:[P\\HmfV~rvTaj)9Vsh-%;iE=|-]", cchWideChar=79, lpMultiByteStr=0x251e0e8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml]omgp:[P\\HmfV~rvTaj)9Vsh-%;iE=|-]", lpUsedDefaultChar=0x0) returned 79 [0245.220] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.220] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw=") returned 172 [0245.220] GetCurrentThreadId () returned 0x1130 [0245.220] GetCurrentThreadId () returned 0x1130 [0245.220] GetCurrentThreadId () returned 0x1130 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.220] SetLastError (dwErrCode=0x0) [0245.220] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320") returned 0x85 [0245.220] GetLastError () returned 0x0 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.220] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.221] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].wannacash ncov v310320")) returned 0x20 [0245.221] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [549].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe38 [0245.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.221] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.221] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.221] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.221] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3") returned 197 [0245.221] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.221] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3") returned 197 [0245.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe38 [0245.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.222] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zQ2ueL1mpoIf6nNgFTuFldAzPkYTV55T1+wWJuU7Ta/Cyw7nehSCJ+AXTOmHWeeoQHHLTUii5aR6HmuY5rD9/iUvvxWnOX4aPbxtr6XxaksuiXKDOIjTgiOtcSky2c5GlSvXJXY88tJ04KmQJBCjKXh3BXM5EmoosY2+f7p3oSw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.222] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.222] CloseHandle (hObject=0x404) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.222] SetLastError (dwErrCode=0x0) [0245.222] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", lpFilePart=0x19fa34*="8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml") returned 0x62 [0245.222] GetLastError () returned 0x0 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=8) returned 1 [0245.222] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml", cchCount2=4) returned 1 [0245.222] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.222] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml")) returned 0 [0245.223] GetLastError () returned 0x2 [0245.223] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml")) returned 0xffffffff [0245.223] SetLastError (dwErrCode=0x2) [0245.223] GetLastError () returned 0x2 [0245.223] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.223] LocalFree (hMem=0x92fe20) returned 0x0 [0245.223] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.223] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.223] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\91edce6b-d93b-f186-c4e2-d38502cc520e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\91edce6b-d93b-f186-c4e2-d38502cc520e.xml")) returned 0x20 [0245.223] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34012954581) returned 1 [0245.223] GetCurrentThreadId () returned 0x1130 [0245.223] GetCurrentThreadId () returned 0x1130 [0245.224] GetCurrentThreadId () returned 0x1130 [0245.224] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_3po9C`_DvoGsowG(KJD:>w8M%95P/(8]", lpUsedDefaultChar=0x0) returned 88 [0245.725] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.725] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY=") returned 172 [0245.725] GetCurrentThreadId () returned 0x1130 [0245.725] GetCurrentThreadId () returned 0x1130 [0245.725] GetCurrentThreadId () returned 0x1130 [0245.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.726] SetLastError (dwErrCode=0x0) [0245.726] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320") returned 0x85 [0245.726] GetLastError () returned 0x0 [0245.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.726] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.726] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.726] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].wannacash ncov v310320")) returned 0x20 [0245.726] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [561].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x12e3 [0245.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.727] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.727] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.727] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3") returned 197 [0245.727] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.727] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3") returned 197 [0245.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x12e3 [0245.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.728] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qlqzLCb9K8SmAulxlbJBYTjqP1Djy8UwSXhh/fAmOgHpXtJ2J6riEb1UGaZbaNrjPchoGxNMz+DhjuOB7OBOnWfhp8VETRIswIflRT14/eLZny4vuOloY8CW+eTzxtrAKuvComik1La4VJ1D5Fd3h/fRt4RACrIqSXhU6HzXTUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.728] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.728] CloseHandle (hObject=0x404) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=8) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=4) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=8) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=4) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=8) returned 1 [0245.728] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=4) returned 1 [0245.728] SetLastError (dwErrCode=0x0) [0245.728] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", lpFilePart=0x19fa34*="bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml") returned 0x62 [0245.729] GetLastError () returned 0x0 [0245.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=8) returned 1 [0245.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=4) returned 1 [0245.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=8) returned 1 [0245.729] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml", cchCount2=4) returned 1 [0245.729] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.729] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml")) returned 0 [0245.729] GetLastError () returned 0x2 [0245.729] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml")) returned 0xffffffff [0245.729] SetLastError (dwErrCode=0x2) [0245.729] GetLastError () returned 0x2 [0245.729] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.729] LocalFree (hMem=0x92fe20) returned 0x0 [0245.729] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.731] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.731] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml")) returned 0x20 [0245.732] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34063782352) returned 1 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}dXi#d{)n93,aoT))\\.BOP#x`", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0245.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}dXi#d{)n93,aoT))\\.BOP#x`", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0245.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}dXi#d{)n93,aoT))\\.BOP#x`", cchWideChar=25, lpMultiByteStr=0x2508ee8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}dXi#d{)n93,aoT))\\.BOP#x`", lpUsedDefaultChar=0x0) returned 25 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] GetCurrentThreadId () returned 0x1130 [0245.732] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.732] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] GetCurrentThreadId () returned 0x1130 [0245.733] malloc (_Size=0x64) returned 0x1d1338 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] GetCurrentThreadId () returned 0x1130 [0245.734] free (_Block=0x1d1338) [0245.734] malloc (_Size=0x60) returned 0x1d1338 [0245.734] free (_Block=0x1d1338) [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa41 [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa41 [0245.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.734] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa41, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa41, lpOverlapped=0x0) returned 1 [0245.737] malloc (_Size=0x8c) returned 0x1d1338 [0245.737] malloc (_Size=0xfc) returned 0x31d70a8 [0245.737] malloc (_Size=0x40) returned 0x1d14e8 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.737] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.737] malloc (_Size=0x40) returned 0x1d7470 [0245.737] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] GetCurrentThreadId () returned 0x1130 [0245.738] malloc (_Size=0xc) returned 0x31e1ec8 [0245.738] malloc (_Size=0x720) returned 0x31d2860 [0245.738] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.739] free (_Block=0x31d2860) [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] free (_Block=0x31e40b0) [0245.739] free (_Block=0x1d14e8) [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.739] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] GetCurrentThreadId () returned 0x1130 [0245.740] free (_Block=0x1d9aa8) [0245.740] free (_Block=0x31e1ec8) [0245.740] free (_Block=0x1d7470) [0245.740] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe10, lpOverlapped=0x0) returned 1 [0245.741] free (_Block=0x31d70a8) [0245.742] free (_Block=0x1d1338) [0245.742] CloseHandle (hObject=0x2b4) returned 1 [0245.742] CloseHandle (hObject=0x404) returned 1 [0245.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.743] SetLastError (dwErrCode=0x0) [0245.743] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", lpFilePart=0x19f9f8*="bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml") returned 0x62 [0245.743] GetLastError () returned 0x0 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.743] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.743] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml")) returned 1 [0245.745] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0x2bc)) [0245.745] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.745] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.745] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.748] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.748] CloseHandle (hObject=0x404) returned 1 [0245.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml]omgp:[}dXi#d{)n93,aoT))\\.BOP#x`]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0245.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml]omgp:[}dXi#d{)n93,aoT))\\.BOP#x`]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0245.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml]omgp:[}dXi#d{)n93,aoT))\\.BOP#x`]", cchWideChar=79, lpMultiByteStr=0x251e148, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml]omgp:[}dXi#d{)n93,aoT))\\.BOP#x`]", lpUsedDefaultChar=0x0) returned 79 [0245.757] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.757] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4=") returned 172 [0245.757] GetCurrentThreadId () returned 0x1130 [0245.757] GetCurrentThreadId () returned 0x1130 [0245.757] GetCurrentThreadId () returned 0x1130 [0245.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.758] SetLastError (dwErrCode=0x0) [0245.758] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320") returned 0x85 [0245.758] GetLastError () returned 0x0 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.758] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.758] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.758] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].wannacash ncov v310320")) returned 0x20 [0245.758] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [562].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.759] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.759] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.759] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe10 [0245.759] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.759] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.759] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.759] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.759] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.759] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3") returned 197 [0245.759] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.760] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3") returned 197 [0245.760] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe10 [0245.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.760] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VArM5Gopeo3ydp0aqB+U4Kb7Kx/s2eSGj1PCqtKdnOuOVbgB/Ii7wvLuLuoj1xUFwgVxn0GNwykBkdv0x1Ys8j43Y3bSkpZTWCGQGXqtCv/QGsigU6GX8Mc3rXttkj7BBVvuoeWrCQOK2Nvnd8BUn1VVs9nG0OcY1YUQzvZ92l4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.760] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.760] CloseHandle (hObject=0x404) returned 1 [0245.760] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.760] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.761] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.761] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.761] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.761] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.807] SetLastError (dwErrCode=0x0) [0245.808] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", lpFilePart=0x19fa34*="bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml") returned 0x62 [0245.808] GetLastError () returned 0x0 [0245.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=8) returned 1 [0245.808] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml", cchCount2=4) returned 1 [0245.808] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.809] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml")) returned 0 [0245.809] GetLastError () returned 0x2 [0245.809] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml")) returned 0xffffffff [0245.809] SetLastError (dwErrCode=0x2) [0245.809] GetLastError () returned 0x2 [0245.809] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.809] LocalFree (hMem=0x92fe20) returned 0x0 [0245.809] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.810] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.810] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml")) returned 0x20 [0245.810] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34071628013) returned 1 [0245.810] GetCurrentThreadId () returned 0x1130 [0245.810] GetCurrentThreadId () returned 0x1130 [0245.810] GetCurrentThreadId () returned 0x1130 [0245.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0245.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0245.810] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$", cchWideChar=36, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0245.811] GetCurrentThreadId () returned 0x1130 [0245.811] GetCurrentThreadId () returned 0x1130 [0245.811] GetCurrentThreadId () returned 0x1130 [0245.811] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.811] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] malloc (_Size=0x64) returned 0x1d1338 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.812] GetCurrentThreadId () returned 0x1130 [0245.813] GetCurrentThreadId () returned 0x1130 [0245.813] GetCurrentThreadId () returned 0x1130 [0245.813] GetCurrentThreadId () returned 0x1130 [0245.813] free (_Block=0x1d1338) [0245.813] malloc (_Size=0x60) returned 0x1d1338 [0245.813] free (_Block=0x1d1338) [0245.813] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.813] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa62 [0245.813] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.813] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.813] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa62 [0245.814] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.814] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa62, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa62, lpOverlapped=0x0) returned 1 [0245.817] malloc (_Size=0x8c) returned 0x1d1338 [0245.818] malloc (_Size=0xfc) returned 0x31d78e8 [0245.818] malloc (_Size=0x40) returned 0x1d14e8 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] malloc (_Size=0xa5c) returned 0x31e40b0 [0245.818] malloc (_Size=0x40) returned 0x1d7470 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.818] GetCurrentThreadId () returned 0x1130 [0245.819] GetCurrentThreadId () returned 0x1130 [0245.819] GetCurrentThreadId () returned 0x1130 [0245.819] malloc (_Size=0xc) returned 0x31e1e50 [0245.819] malloc (_Size=0x720) returned 0x31d2860 [0245.819] malloc (_Size=0xe3c) returned 0x1d9aa8 [0245.819] free (_Block=0x31d2860) [0245.819] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.820] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] free (_Block=0x31e40b0) [0245.821] free (_Block=0x1d14e8) [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.821] GetCurrentThreadId () returned 0x1130 [0245.822] free (_Block=0x1d9aa8) [0245.822] free (_Block=0x31e1e50) [0245.822] free (_Block=0x1d7470) [0245.822] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe38, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe38, lpOverlapped=0x0) returned 1 [0245.825] free (_Block=0x31d78e8) [0245.825] free (_Block=0x1d1338) [0245.825] CloseHandle (hObject=0x2b4) returned 1 [0245.825] CloseHandle (hObject=0x404) returned 1 [0245.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.865] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.866] SetLastError (dwErrCode=0x0) [0245.866] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", lpFilePart=0x19f9f8*="bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml") returned 0x62 [0245.866] GetLastError () returned 0x0 [0245.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.866] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.866] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.866] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml")) returned 1 [0245.868] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x15, wMilliseconds=0x343)) [0245.868] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0245.868] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.868] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0245.868] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.868] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0245.868] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0245.868] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0245.868] CloseHandle (hObject=0x404) returned 1 [0245.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml]omgp:[AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$]", cchWideChar=90, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 90 [0245.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml]omgp:[AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$]", cchWideChar=90, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 90 [0245.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml]omgp:[AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$]", cchWideChar=90, lpMultiByteStr=0x253b180, cbMultiByte=90, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml]omgp:[AdaQkBpu3g}nYS%L!5ICYpboOPSPkf):uj@$]", lpUsedDefaultChar=0x0) returned 90 [0245.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0245.878] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8=") returned 172 [0245.878] GetCurrentThreadId () returned 0x1130 [0245.878] GetCurrentThreadId () returned 0x1130 [0245.878] GetCurrentThreadId () returned 0x1130 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.878] SetLastError (dwErrCode=0x0) [0245.878] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320") returned 0x85 [0245.878] GetLastError () returned 0x0 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0245.878] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0245.878] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.878] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].wannacash ncov v310320")) returned 0x20 [0245.879] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [563].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0245.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe38 [0245.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0245.879] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0245.879] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.879] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.879] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.879] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.879] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.879] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3") returned 197 [0245.879] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0245.879] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3") returned 197 [0245.879] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe38 [0245.880] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.880] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0245.880] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0xjk4OLcPCkwv2l3c4eO8QKOT9zZBdgKaSv0sheVYnwI6L9XD9f62WB7QIqRSLL3112hRRKKa7IvWVIfYaRKrYbgrthuQltHFOjoqUVq69uaTFVR1jrFb5EPMk3YhIaFAoGpU3O0rv5QABL7QVoh5lcv3J5mkwuejgSfn8OJlj8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0245.880] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0245.880] CloseHandle (hObject=0x404) returned 1 [0245.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.881] SetLastError (dwErrCode=0x0) [0245.881] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", lpFilePart=0x19fa34*="bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml") returned 0x62 [0245.881] GetLastError () returned 0x0 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=8) returned 1 [0245.881] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml", cchCount2=4) returned 1 [0245.881] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0245.881] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml")) returned 0 [0245.881] GetLastError () returned 0x2 [0245.881] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml")) returned 0xffffffff [0245.882] SetLastError (dwErrCode=0x2) [0245.882] GetLastError () returned 0x2 [0245.882] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0245.882] LocalFree (hMem=0x92fe20) returned 0x0 [0245.882] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0245.882] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0245.882] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml")) returned 0x20 [0245.885] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34079085917) returned 1 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0245.885] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0245.885] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n", lpUsedDefaultChar=0x0) returned 46 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] GetCurrentThreadId () returned 0x1130 [0245.885] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0245.885] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] malloc (_Size=0x64) returned 0x1d1338 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] GetCurrentThreadId () returned 0x1130 [0245.886] free (_Block=0x1d1338) [0245.886] malloc (_Size=0x60) returned 0x1d1338 [0245.886] free (_Block=0x1d1338) [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1aa7 [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1aa7 [0245.887] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0245.887] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1aa7, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1aa7, lpOverlapped=0x0) returned 1 [0246.031] malloc (_Size=0x8c) returned 0x1d1338 [0246.031] malloc (_Size=0xfc) returned 0x31d79f0 [0246.031] malloc (_Size=0x40) returned 0x1d14e8 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.031] GetCurrentThreadId () returned 0x1130 [0246.032] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.032] malloc (_Size=0x40) returned 0x1d7470 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] GetCurrentThreadId () returned 0x1130 [0246.032] malloc (_Size=0xc) returned 0x31e1ca0 [0246.032] malloc (_Size=0x720) returned 0x31d2860 [0246.032] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.032] free (_Block=0x31d2860) [0246.032] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.033] free (_Block=0x1d9aa8) [0246.033] malloc (_Size=0x23e4) returned 0x1dbea8 [0246.033] free (_Block=0x1da8f0) [0246.033] malloc (_Size=0x3014) returned 0x3a60048 [0246.033] free (_Block=0x1dbea8) [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] free (_Block=0x31e40b0) [0246.034] free (_Block=0x1d14e8) [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.034] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] GetCurrentThreadId () returned 0x1130 [0246.035] free (_Block=0x3a60048) [0246.036] free (_Block=0x31e1ca0) [0246.036] free (_Block=0x1d7470) [0246.036] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9e08*, nNumberOfBytesToWrite=0x243b, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9e08*, lpNumberOfBytesWritten=0x19fbbc*=0x243b, lpOverlapped=0x0) returned 1 [0246.038] free (_Block=0x31d79f0) [0246.038] free (_Block=0x1d1338) [0246.038] CloseHandle (hObject=0x2b4) returned 1 [0246.038] CloseHandle (hObject=0x404) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.039] SetLastError (dwErrCode=0x0) [0246.039] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", lpFilePart=0x19f9f8*="be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml") returned 0x62 [0246.039] GetLastError () returned 0x0 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.039] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.039] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.039] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml")) returned 1 [0246.041] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x7)) [0246.041] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.041] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.041] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.041] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.041] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.042] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.042] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.043] CloseHandle (hObject=0x404) returned 1 [0246.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml]omgp:[u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n]", cchWideChar=100, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 100 [0246.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml]omgp:[u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n]", cchWideChar=100, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 100 [0246.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml]omgp:[u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n]", cchWideChar=100, lpMultiByteStr=0x24203a8, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml]omgp:[u:_mP$&^lhysVh.ze!DM(,)PH(woq;KmG\\PIY#2|;Z98#n]pòA\x02\x14\\U", lpUsedDefaultChar=0x0) returned 100 [0246.051] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.051] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk=") returned 172 [0246.051] GetCurrentThreadId () returned 0x1130 [0246.051] GetCurrentThreadId () returned 0x1130 [0246.051] GetCurrentThreadId () returned 0x1130 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.051] SetLastError (dwErrCode=0x0) [0246.051] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320") returned 0x85 [0246.051] GetLastError () returned 0x0 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.051] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.052] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.052] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.052] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].wannacash ncov v310320")) returned 0x20 [0246.052] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [564].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.052] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.052] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.052] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x243b [0246.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.053] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3") returned 197 [0246.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.053] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3") returned 197 [0246.053] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x243b [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.053] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jSurNuRJ2Ijtf3wcXyWSATk0n/LDEjLsPGjimjrQnyPHlf+vGtGoA4Sz1vML+AtXjMpGANoZvfnmF7TrA4qXJtbb3A9X/fce/uTFf5HfG7Qp+WJX8iBqsGOqhFv7HSBEJt7/6pTy1oatsn0PoAvw/S8OQPz9ZKrf9KXoBv5RQyk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.053] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.054] CloseHandle (hObject=0x404) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.054] SetLastError (dwErrCode=0x0) [0246.054] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", lpFilePart=0x19fa34*="be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml") returned 0x62 [0246.054] GetLastError () returned 0x0 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=8) returned 1 [0246.054] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml", cchCount2=4) returned 1 [0246.054] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.054] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml")) returned 0 [0246.055] GetLastError () returned 0x2 [0246.055] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\be7366a7-9d6c-ef6d-2f6b-fe59a23f007c.xml")) returned 0xffffffff [0246.055] SetLastError (dwErrCode=0x2) [0246.055] GetLastError () returned 0x2 [0246.055] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.055] LocalFree (hMem=0x92fe20) returned 0x0 [0246.055] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.055] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.055] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml")) returned 0x20 [0246.056] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34096180099) returned 1 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0246.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0246.056] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN", cchWideChar=42, lpMultiByteStr=0x2525040, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN", lpUsedDefaultChar=0x0) returned 42 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] GetCurrentThreadId () returned 0x1130 [0246.056] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.056] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.057] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] malloc (_Size=0x64) returned 0x1d1338 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] GetCurrentThreadId () returned 0x1130 [0246.058] free (_Block=0x1d1338) [0246.058] malloc (_Size=0x60) returned 0x1d1338 [0246.058] free (_Block=0x1d1338) [0246.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa6b [0246.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xa6b [0246.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.059] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xa6b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xa6b, lpOverlapped=0x0) returned 1 [0246.061] malloc (_Size=0x8c) returned 0x1d1338 [0246.061] malloc (_Size=0xfc) returned 0x31d7d08 [0246.061] malloc (_Size=0x40) returned 0x1d14e8 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.061] GetCurrentThreadId () returned 0x1130 [0246.062] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.062] malloc (_Size=0x40) returned 0x1d7470 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] GetCurrentThreadId () returned 0x1130 [0246.062] malloc (_Size=0xc) returned 0x31e1dc0 [0246.062] malloc (_Size=0x720) returned 0x31d2860 [0246.062] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.063] free (_Block=0x31d2860) [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] free (_Block=0x31e40b0) [0246.063] free (_Block=0x1d14e8) [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.063] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] GetCurrentThreadId () returned 0x1130 [0246.064] free (_Block=0x1d9aa8) [0246.064] free (_Block=0x31e1dc0) [0246.064] free (_Block=0x1d7470) [0246.064] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xe38, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xe38, lpOverlapped=0x0) returned 1 [0246.065] free (_Block=0x31d7d08) [0246.066] free (_Block=0x1d1338) [0246.066] CloseHandle (hObject=0x2b4) returned 1 [0246.066] CloseHandle (hObject=0x404) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.066] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.066] SetLastError (dwErrCode=0x0) [0246.067] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", lpFilePart=0x19f9f8*="c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml") returned 0x62 [0246.067] GetLastError () returned 0x0 [0246.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.067] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.067] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml")) returned 1 [0246.116] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x55)) [0246.116] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.117] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.117] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.117] CloseHandle (hObject=0x404) returned 1 [0246.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml]omgp:[41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN]", cchWideChar=96, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 96 [0246.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml]omgp:[41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN]", cchWideChar=96, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 96 [0246.117] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml]omgp:[41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN]", cchWideChar=96, lpMultiByteStr=0x24203a8, cbMultiByte=96, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml]omgp:[41m_4p/gz&olr\\3zqLQ(;Kd(?aPnAC8^.{uny#/hJN]8#n]pòA\x02\x14\\U", lpUsedDefaultChar=0x0) returned 96 [0246.125] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.125] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8=") returned 172 [0246.125] GetCurrentThreadId () returned 0x1130 [0246.125] GetCurrentThreadId () returned 0x1130 [0246.125] GetCurrentThreadId () returned 0x1130 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.126] SetLastError (dwErrCode=0x0) [0246.126] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320") returned 0x85 [0246.126] GetLastError () returned 0x0 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.126] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.126] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.126] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].wannacash ncov v310320")) returned 0x20 [0246.127] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [565].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.127] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.127] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.127] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xe38 [0246.127] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.127] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.127] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.127] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.128] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.128] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3") returned 197 [0246.128] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.128] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3") returned 197 [0246.128] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xe38 [0246.128] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.128] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.128] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tZ2O1aj8zHwtnLKHei7kQJxuteVpssTG/c2lNr4c/G+cd9h+Pf966Ulgysj+mGz1Rip++OrNDV/Hd/A9mowOgfxCu6NU5aAFyTkUmqZxp8VnUvKav5OkEELP26KDsciEd7N+LGqOnix13Ioqttm8nKAse7Nu5B4J/t8CHz+/PA8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.128] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.129] CloseHandle (hObject=0x404) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.129] SetLastError (dwErrCode=0x0) [0246.129] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", lpFilePart=0x19fa34*="c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml") returned 0x62 [0246.129] GetLastError () returned 0x0 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=8) returned 1 [0246.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml", cchCount2=4) returned 1 [0246.129] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.129] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml")) returned 0 [0246.130] GetLastError () returned 0x2 [0246.130] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml")) returned 0xffffffff [0246.130] SetLastError (dwErrCode=0x2) [0246.130] GetLastError () returned 0x2 [0246.130] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.130] LocalFree (hMem=0x92fe20) returned 0x0 [0246.130] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.131] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.131] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml")) returned 0x20 [0246.131] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34103731228) returned 1 [0246.131] GetCurrentThreadId () returned 0x1130 [0246.131] GetCurrentThreadId () returned 0x1130 [0246.131] GetCurrentThreadId () returned 0x1130 [0246.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0246.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0246.131] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6", lpUsedDefaultChar=0x0) returned 31 [0246.131] GetCurrentThreadId () returned 0x1130 [0246.131] GetCurrentThreadId () returned 0x1130 [0246.132] GetCurrentThreadId () returned 0x1130 [0246.132] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.132] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.132] GetCurrentThreadId () returned 0x1130 [0246.132] GetCurrentThreadId () returned 0x1130 [0246.132] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] malloc (_Size=0x64) returned 0x1d1338 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] GetCurrentThreadId () returned 0x1130 [0246.133] free (_Block=0x1d1338) [0246.133] malloc (_Size=0x60) returned 0x1d1338 [0246.133] free (_Block=0x1d1338) [0246.133] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.134] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc91 [0246.134] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.134] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.134] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc91 [0246.134] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.134] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc91, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc91, lpOverlapped=0x0) returned 1 [0246.136] malloc (_Size=0x8c) returned 0x1d1338 [0246.136] malloc (_Size=0xfc) returned 0x31d71b0 [0246.136] malloc (_Size=0x40) returned 0x1d14e8 [0246.136] GetCurrentThreadId () returned 0x1130 [0246.136] GetCurrentThreadId () returned 0x1130 [0246.136] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.137] malloc (_Size=0x40) returned 0x1d7470 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] GetCurrentThreadId () returned 0x1130 [0246.137] malloc (_Size=0xc) returned 0x31e1ec8 [0246.137] malloc (_Size=0x720) returned 0x31d2860 [0246.137] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.138] free (_Block=0x31d2860) [0246.138] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.138] free (_Block=0x1d9aa8) [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] GetCurrentThreadId () returned 0x1130 [0246.138] free (_Block=0x31e40b0) [0246.139] free (_Block=0x1d14e8) [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] GetCurrentThreadId () returned 0x1130 [0246.139] free (_Block=0x1da8f0) [0246.139] free (_Block=0x31e1ec8) [0246.139] free (_Block=0x1d7470) [0246.139] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1130, lpOverlapped=0x0) returned 1 [0246.141] free (_Block=0x31d71b0) [0246.141] free (_Block=0x1d1338) [0246.141] CloseHandle (hObject=0x2b4) returned 1 [0246.141] CloseHandle (hObject=0x404) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.142] SetLastError (dwErrCode=0x0) [0246.142] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", lpFilePart=0x19f9f8*="c94a6c18-d496-da1c-8a02-fc6976e0145e.xml") returned 0x62 [0246.142] GetLastError () returned 0x0 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.142] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.142] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.142] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml")) returned 1 [0246.144] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x64)) [0246.144] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.144] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.144] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.144] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.144] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.144] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.144] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.144] CloseHandle (hObject=0x404) returned 1 [0246.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c94a6c18-d496-da1c-8a02-fc6976e0145e.xml]omgp:[Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0246.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c94a6c18-d496-da1c-8a02-fc6976e0145e.xml]omgp:[Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0246.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c94a6c18-d496-da1c-8a02-fc6976e0145e.xml]omgp:[Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6]", cchWideChar=85, lpMultiByteStr=0x253b0b0, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[c94a6c18-d496-da1c-8a02-fc6976e0145e.xml]omgp:[Li5luO5\"*x?U%+|Mh:JpprzgWJUS/+6]", lpUsedDefaultChar=0x0) returned 85 [0246.153] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.153] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg=") returned 172 [0246.153] GetCurrentThreadId () returned 0x1130 [0246.153] GetCurrentThreadId () returned 0x1130 [0246.153] GetCurrentThreadId () returned 0x1130 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.153] SetLastError (dwErrCode=0x0) [0246.153] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320") returned 0x85 [0246.153] GetLastError () returned 0x0 [0246.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.154] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.154] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.154] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].wannacash ncov v310320")) returned 0x20 [0246.154] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [566].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1130 [0246.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.155] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.155] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.155] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3") returned 197 [0246.155] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.155] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3") returned 197 [0246.155] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1130 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.155] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EWg6PG3M763WKvcFeoRr95SzT3X1qOa9S2dS+cIcavxdobeg5Z9xCBNxXFLh1W3Pv7U5h6TVHNS0njGblB4WLvYdyUgtl4boFCo8J0Jin3Zg/6UXppFUwby9vRp4IcPS9Ke9qRvayq2xFpj4PFg+1inzu989FHzPaAQ57oM7OAg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.155] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.156] CloseHandle (hObject=0x404) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.156] SetLastError (dwErrCode=0x0) [0246.156] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", lpFilePart=0x19fa34*="c94a6c18-d496-da1c-8a02-fc6976e0145e.xml") returned 0x62 [0246.156] GetLastError () returned 0x0 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=8) returned 1 [0246.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml", cchCount2=4) returned 1 [0246.156] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.156] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml")) returned 0 [0246.157] GetLastError () returned 0x2 [0246.157] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml")) returned 0xffffffff [0246.157] SetLastError (dwErrCode=0x2) [0246.157] GetLastError () returned 0x2 [0246.157] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.157] LocalFree (hMem=0x92fe20) returned 0x0 [0246.157] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.157] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.157] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml")) returned 0x20 [0246.158] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34106378119) returned 1 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0246.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0246.158] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w", cchWideChar=28, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="liâ\x84\x96)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w", lpUsedDefaultChar=0x0) returned 30 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] GetCurrentThreadId () returned 0x1130 [0246.158] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.158] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.159] malloc (_Size=0x64) returned 0x1d1338 [0246.159] GetCurrentThreadId () returned 0x1130 [0246.160] GetCurrentThreadId () returned 0x1130 [0246.160] GetCurrentThreadId () returned 0x1130 [0246.160] GetCurrentThreadId () returned 0x1130 [0246.160] GetCurrentThreadId () returned 0x1130 [0246.160] GetCurrentThreadId () returned 0x1130 [0246.160] free (_Block=0x1d1338) [0246.160] malloc (_Size=0x60) returned 0x1d1338 [0246.160] free (_Block=0x1d1338) [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc9d [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc9d [0246.160] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.160] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc9d, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc9d, lpOverlapped=0x0) returned 1 [0246.211] malloc (_Size=0x8c) returned 0x1d1338 [0246.211] malloc (_Size=0xfc) returned 0x31d74c8 [0246.211] malloc (_Size=0x40) returned 0x1d14e8 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] GetCurrentThreadId () returned 0x1130 [0246.211] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.212] malloc (_Size=0x40) returned 0x1d7470 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] malloc (_Size=0xc) returned 0x31e1ec8 [0246.212] malloc (_Size=0x720) returned 0x31d2860 [0246.212] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.212] free (_Block=0x31d2860) [0246.212] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.212] free (_Block=0x1d9aa8) [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.212] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] free (_Block=0x31e40b0) [0246.213] free (_Block=0x1d14e8) [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.213] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] GetCurrentThreadId () returned 0x1130 [0246.214] free (_Block=0x1da8f0) [0246.214] free (_Block=0x31e1ec8) [0246.214] free (_Block=0x1d7470) [0246.214] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1130, lpOverlapped=0x0) returned 1 [0246.215] free (_Block=0x31d74c8) [0246.215] free (_Block=0x1d1338) [0246.215] CloseHandle (hObject=0x2b4) returned 1 [0246.216] CloseHandle (hObject=0x404) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.216] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.216] SetLastError (dwErrCode=0x0) [0246.217] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", lpFilePart=0x19f9f8*="ca947da2-7e9a-7249-8095-bceb379c6f74.xml") returned 0x62 [0246.217] GetLastError () returned 0x0 [0246.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.217] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.217] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml")) returned 1 [0246.218] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0xb2)) [0246.218] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.219] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.219] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.219] CloseHandle (hObject=0x404) returned 1 [0246.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ca947da2-7e9a-7249-8095-bceb379c6f74.xml]omgp:[li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w]", cchWideChar=82, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0246.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ca947da2-7e9a-7249-8095-bceb379c6f74.xml]omgp:[li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w]", cchWideChar=82, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0246.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ca947da2-7e9a-7249-8095-bceb379c6f74.xml]omgp:[li№)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w]", cchWideChar=82, lpMultiByteStr=0x251e0e8, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[ca947da2-7e9a-7249-8095-bceb379c6f74.xml]omgp:[li?)IPi\"Yj\"E.t1Up`Y|bMNe5q\"w]", lpUsedDefaultChar=0x0) returned 82 [0246.228] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.228] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk=") returned 172 [0246.228] GetCurrentThreadId () returned 0x1130 [0246.228] GetCurrentThreadId () returned 0x1130 [0246.228] GetCurrentThreadId () returned 0x1130 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.228] SetLastError (dwErrCode=0x0) [0246.228] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320") returned 0x85 [0246.228] GetLastError () returned 0x0 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.228] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.228] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.229] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].wannacash ncov v310320")) returned 0x20 [0246.229] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [567].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.229] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.229] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.229] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1130 [0246.229] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.229] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.229] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.230] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.230] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.230] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3") returned 197 [0246.230] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.230] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3") returned 197 [0246.230] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1130 [0246.230] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.230] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.230] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Io6CjpT9i/LaeD8BpTkkAFP47/HASGnYZPSSOK+CMXj7Ba58pgAfR0QYcJbJyEPFZK2+4g15W/8Mqii6unhAsEpAMF5p+TfJev1KM6/Vg2cBo9laVUK31QuXaYrT8mTPdb2O8nK7mi1RDD344LTV+wiXblQ+YBJx4bEq3kxnIDk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.230] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.230] CloseHandle (hObject=0x404) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.231] SetLastError (dwErrCode=0x0) [0246.231] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", lpFilePart=0x19fa34*="ca947da2-7e9a-7249-8095-bceb379c6f74.xml") returned 0x62 [0246.231] GetLastError () returned 0x0 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=8) returned 1 [0246.231] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml", cchCount2=4) returned 1 [0246.231] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.231] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml")) returned 0 [0246.231] GetLastError () returned 0x2 [0246.231] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\ca947da2-7e9a-7249-8095-bceb379c6f74.xml")) returned 0xffffffff [0246.232] SetLastError (dwErrCode=0x2) [0246.232] GetLastError () returned 0x2 [0246.232] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.232] LocalFree (hMem=0x92fe20) returned 0x0 [0246.232] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.232] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.232] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml")) returned 0x20 [0246.232] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34113858655) returned 1 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0246.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0246.233] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-", lpUsedDefaultChar=0x0) returned 33 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] GetCurrentThreadId () returned 0x1130 [0246.233] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.233] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] malloc (_Size=0x64) returned 0x1d1338 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] GetCurrentThreadId () returned 0x1130 [0246.234] free (_Block=0x1d1338) [0246.235] malloc (_Size=0x60) returned 0x1d1338 [0246.235] free (_Block=0x1d1338) [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc9d [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc9d [0246.235] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.235] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc9d, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc9d, lpOverlapped=0x0) returned 1 [0246.245] malloc (_Size=0x8c) returned 0x1d1338 [0246.246] malloc (_Size=0xfc) returned 0x31d71b0 [0246.246] malloc (_Size=0x40) returned 0x1d14e8 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.246] malloc (_Size=0x40) returned 0x1d7470 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.246] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] malloc (_Size=0xc) returned 0x31e1e50 [0246.247] malloc (_Size=0x720) returned 0x31d2860 [0246.247] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.247] free (_Block=0x31d2860) [0246.247] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.247] free (_Block=0x1d9aa8) [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.247] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] free (_Block=0x31e40b0) [0246.248] free (_Block=0x1d14e8) [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] GetCurrentThreadId () returned 0x1130 [0246.248] free (_Block=0x1da8f0) [0246.249] free (_Block=0x31e1e50) [0246.249] free (_Block=0x1d7470) [0246.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1130, lpOverlapped=0x0) returned 1 [0246.250] free (_Block=0x31d71b0) [0246.250] free (_Block=0x1d1338) [0246.250] CloseHandle (hObject=0x2b4) returned 1 [0246.251] CloseHandle (hObject=0x404) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.251] SetLastError (dwErrCode=0x0) [0246.251] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", lpFilePart=0x19f9f8*="cb692946-a9f3-639d-1064-a6d75a01b9c3.xml") returned 0x62 [0246.251] GetLastError () returned 0x0 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.251] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.252] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml")) returned 1 [0246.253] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0xd2)) [0246.253] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.253] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.253] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.253] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.253] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.253] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.253] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.254] CloseHandle (hObject=0x404) returned 1 [0246.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cb692946-a9f3-639d-1064-a6d75a01b9c3.xml]omgp:[jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-]", cchWideChar=87, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0246.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cb692946-a9f3-639d-1064-a6d75a01b9c3.xml]omgp:[jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-]", cchWideChar=87, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0246.254] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cb692946-a9f3-639d-1064-a6d75a01b9c3.xml]omgp:[jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-]", cchWideChar=87, lpMultiByteStr=0x253b0b0, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[cb692946-a9f3-639d-1064-a6d75a01b9c3.xml]omgp:[jp#s#\"y/~-mwdahr{WRy5Ctv~jDxsbz;-]", lpUsedDefaultChar=0x0) returned 87 [0246.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.295] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos=") returned 172 [0246.295] GetCurrentThreadId () returned 0x1130 [0246.295] GetCurrentThreadId () returned 0x1130 [0246.295] GetCurrentThreadId () returned 0x1130 [0246.295] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.295] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.295] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.296] SetLastError (dwErrCode=0x0) [0246.296] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320") returned 0x85 [0246.296] GetLastError () returned 0x0 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.296] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.296] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.296] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].wannacash ncov v310320")) returned 0x20 [0246.296] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [568].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.297] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.297] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.297] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1130 [0246.297] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.297] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.297] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3") returned 197 [0246.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.298] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3") returned 197 [0246.298] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1130 [0246.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.298] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5qYEu5oPU5CMiWS0h3oSxD2fQ+Yt0VF3d2v7hbcjj7EZOcW4PuODxFopS0bXUGH8PRVkGfGXlE7J867c2JgrmOrtSffzqI4v0Kv1PO1GGXofSLuIJYvc8A8tTzXJib+zVf3WQfIvS2fCjFYietmBPrhFlFAu7SwhFYd7I8ulLos= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.298] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.298] CloseHandle (hObject=0x404) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.299] SetLastError (dwErrCode=0x0) [0246.299] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", lpFilePart=0x19fa34*="cb692946-a9f3-639d-1064-a6d75a01b9c3.xml") returned 0x62 [0246.299] GetLastError () returned 0x0 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=8) returned 1 [0246.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml", cchCount2=4) returned 1 [0246.299] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.299] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml")) returned 0 [0246.300] GetLastError () returned 0x2 [0246.300] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml")) returned 0xffffffff [0246.300] SetLastError (dwErrCode=0x2) [0246.300] GetLastError () returned 0x2 [0246.300] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.300] LocalFree (hMem=0x92fe20) returned 0x0 [0246.300] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.300] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.300] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml")) returned 0x20 [0246.301] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34120686571) returned 1 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0246.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0246.301] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|", lpUsedDefaultChar=0x0) returned 31 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] GetCurrentThreadId () returned 0x1130 [0246.301] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.301] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.303] GetCurrentThreadId () returned 0x1130 [0246.304] malloc (_Size=0x64) returned 0x1d1338 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] GetCurrentThreadId () returned 0x1130 [0246.304] free (_Block=0x1d1338) [0246.304] malloc (_Size=0x60) returned 0x1d1338 [0246.304] free (_Block=0x1d1338) [0246.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc6b [0246.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc6b [0246.305] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.305] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc6b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc6b, lpOverlapped=0x0) returned 1 [0246.307] malloc (_Size=0x8c) returned 0x1d1338 [0246.307] malloc (_Size=0xfc) returned 0x31d74c8 [0246.307] malloc (_Size=0x40) returned 0x1d14e8 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.307] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.307] malloc (_Size=0x40) returned 0x1d7470 [0246.307] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] malloc (_Size=0xc) returned 0x31e1e68 [0246.308] malloc (_Size=0x720) returned 0x31d2860 [0246.308] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.308] free (_Block=0x31d2860) [0246.308] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.308] free (_Block=0x1d9aa8) [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.308] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] free (_Block=0x31e40b0) [0246.309] free (_Block=0x1d14e8) [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.309] GetCurrentThreadId () returned 0x1130 [0246.310] GetCurrentThreadId () returned 0x1130 [0246.310] GetCurrentThreadId () returned 0x1130 [0246.310] GetCurrentThreadId () returned 0x1130 [0246.310] GetCurrentThreadId () returned 0x1130 [0246.310] GetCurrentThreadId () returned 0x1130 [0246.310] free (_Block=0x1da8f0) [0246.310] free (_Block=0x31e1e68) [0246.310] free (_Block=0x1d7470) [0246.310] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x10ef, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x10ef, lpOverlapped=0x0) returned 1 [0246.311] free (_Block=0x31d74c8) [0246.312] free (_Block=0x1d1338) [0246.312] CloseHandle (hObject=0x2b4) returned 1 [0246.312] CloseHandle (hObject=0x404) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.312] SetLastError (dwErrCode=0x0) [0246.313] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", lpFilePart=0x19f9f8*="d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml") returned 0x62 [0246.313] GetLastError () returned 0x0 [0246.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.313] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.313] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml")) returned 1 [0246.314] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x110)) [0246.314] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.314] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.315] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.315] CloseHandle (hObject=0x404) returned 1 [0246.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml]omgp:[o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0246.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml]omgp:[o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0246.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml]omgp:[o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|]", cchWideChar=85, lpMultiByteStr=0x253b180, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml]omgp:[o()>!\\JYC*!lCh`h!N=nz!)Q5(qFOy|]", lpUsedDefaultChar=0x0) returned 85 [0246.324] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.324] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA=") returned 172 [0246.324] GetCurrentThreadId () returned 0x1130 [0246.324] GetCurrentThreadId () returned 0x1130 [0246.324] GetCurrentThreadId () returned 0x1130 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.324] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.324] SetLastError (dwErrCode=0x0) [0246.325] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320") returned 0x85 [0246.325] GetLastError () returned 0x0 [0246.325] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.325] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.325] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.325] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.325] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.325] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].wannacash ncov v310320")) returned 0x20 [0246.325] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [569].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x10ef [0246.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.326] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.326] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.326] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.326] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3") returned 197 [0246.326] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.326] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3") returned 197 [0246.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x10ef [0246.326] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.327] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W5WObp/B+c2kCqlqDC6qA8/xhBnAKBErMi4mK2oFpdsCh13NJ5rFuokKTjTjAesCQzc7RDy8f4alHJ8zpDCL29r1xOxnAWPFSHUmWa18+qoQVOhqAfhEe8r+IAHOlb/h9/jLGeNjKm+SItspfDOAIM9+kupwXiQYABd/q3szzgA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.327] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.327] CloseHandle (hObject=0x404) returned 1 [0246.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.328] SetLastError (dwErrCode=0x0) [0246.328] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", lpFilePart=0x19fa34*="d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml") returned 0x62 [0246.328] GetLastError () returned 0x0 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=8) returned 1 [0246.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml", cchCount2=4) returned 1 [0246.328] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.328] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml")) returned 0 [0246.328] GetLastError () returned 0x2 [0246.328] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml")) returned 0xffffffff [0246.328] SetLastError (dwErrCode=0x2) [0246.328] GetLastError () returned 0x2 [0246.328] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.328] LocalFree (hMem=0x92fe20) returned 0x0 [0246.328] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.329] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.329] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml")) returned 0x20 [0246.329] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34123548513) returned 1 [0246.329] GetCurrentThreadId () returned 0x1130 [0246.329] GetCurrentThreadId () returned 0x1130 [0246.329] GetCurrentThreadId () returned 0x1130 [0246.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0246.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0246.330] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD", lpUsedDefaultChar=0x0) returned 33 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.330] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.330] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.330] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] malloc (_Size=0x64) returned 0x1d1338 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] GetCurrentThreadId () returned 0x1130 [0246.331] free (_Block=0x1d1338) [0246.331] malloc (_Size=0x60) returned 0x1d1338 [0246.331] free (_Block=0x1d1338) [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7c [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7c [0246.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.332] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc7c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc7c, lpOverlapped=0x0) returned 1 [0246.382] malloc (_Size=0x8c) returned 0x1d1338 [0246.383] malloc (_Size=0xfc) returned 0x31d78e8 [0246.383] malloc (_Size=0x40) returned 0x1d14e8 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.383] malloc (_Size=0x40) returned 0x1d7470 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.383] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] malloc (_Size=0xc) returned 0x31e1df0 [0246.384] malloc (_Size=0x720) returned 0x31d2860 [0246.384] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.384] free (_Block=0x31d2860) [0246.384] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.384] free (_Block=0x1d9aa8) [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.384] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] free (_Block=0x31e40b0) [0246.385] free (_Block=0x1d14e8) [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] GetCurrentThreadId () returned 0x1130 [0246.385] free (_Block=0x1da8f0) [0246.386] free (_Block=0x31e1df0) [0246.386] free (_Block=0x1d7470) [0246.386] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1103, lpOverlapped=0x0) returned 1 [0246.387] free (_Block=0x31d78e8) [0246.387] free (_Block=0x1d1338) [0246.387] CloseHandle (hObject=0x2b4) returned 1 [0246.388] CloseHandle (hObject=0x404) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.388] SetLastError (dwErrCode=0x0) [0246.388] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", lpFilePart=0x19f9f8*="d445d1cd-ecdf-2830-df9e-3f187e431898.xml") returned 0x62 [0246.388] GetLastError () returned 0x0 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.389] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.389] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml")) returned 1 [0246.390] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x15e)) [0246.390] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.390] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.391] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.391] CloseHandle (hObject=0x404) returned 1 [0246.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d445d1cd-ecdf-2830-df9e-3f187e431898.xml]omgp:[O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD]", cchWideChar=87, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0246.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d445d1cd-ecdf-2830-df9e-3f187e431898.xml]omgp:[O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD]", cchWideChar=87, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 87 [0246.391] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d445d1cd-ecdf-2830-df9e-3f187e431898.xml]omgp:[O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD]", cchWideChar=87, lpMultiByteStr=0x253b0b0, cbMultiByte=87, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[d445d1cd-ecdf-2830-df9e-3f187e431898.xml]omgp:[O7#:AcmO1z|6fm;!\"m4*3w}SBu&3\\i~eD]", lpUsedDefaultChar=0x0) returned 87 [0246.400] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.400] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw=") returned 172 [0246.400] GetCurrentThreadId () returned 0x1130 [0246.400] GetCurrentThreadId () returned 0x1130 [0246.400] GetCurrentThreadId () returned 0x1130 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.400] SetLastError (dwErrCode=0x0) [0246.400] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320") returned 0x85 [0246.400] GetLastError () returned 0x0 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.400] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.400] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.401] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].wannacash ncov v310320")) returned 0x20 [0246.401] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [570].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.401] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.401] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.401] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1103 [0246.401] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.401] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.401] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.401] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.401] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.401] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.402] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.402] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.402] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3") returned 197 [0246.402] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.402] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3") returned 197 [0246.402] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1103 [0246.402] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.402] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.402] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SGGyVrYOL2kJfkuXx6foGLuc27TFCuqGDbVYfHkoTJpOA1C9/DaeHJBsKoqs29fFVy3HusgnHLZeAhYOAEaotBcSJndZ/OV0gzNedUMwdkv6riBFEHedpxZuhyuKpsW6ZdGQz72sSgpX8Rz9f3mhEr8H9gC0FHjuW+rlYasy5Xw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.402] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.402] CloseHandle (hObject=0x404) returned 1 [0246.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.402] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.403] SetLastError (dwErrCode=0x0) [0246.403] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", lpFilePart=0x19fa34*="d445d1cd-ecdf-2830-df9e-3f187e431898.xml") returned 0x62 [0246.403] GetLastError () returned 0x0 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=8) returned 1 [0246.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml", cchCount2=4) returned 1 [0246.403] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.403] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml")) returned 0 [0246.403] GetLastError () returned 0x2 [0246.403] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d445d1cd-ecdf-2830-df9e-3f187e431898.xml")) returned 0xffffffff [0246.403] SetLastError (dwErrCode=0x2) [0246.403] GetLastError () returned 0x2 [0246.403] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.403] LocalFree (hMem=0x92fe20) returned 0x0 [0246.404] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.404] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.404] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml")) returned 0x20 [0246.404] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34131036977) returned 1 [0246.404] GetCurrentThreadId () returned 0x1130 [0246.404] GetCurrentThreadId () returned 0x1130 [0246.404] GetCurrentThreadId () returned 0x1130 [0246.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0246.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0246.404] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq", lpUsedDefaultChar=0x0) returned 30 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.405] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.405] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] malloc (_Size=0x64) returned 0x1d1338 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] GetCurrentThreadId () returned 0x1130 [0246.406] free (_Block=0x1d1338) [0246.406] malloc (_Size=0x60) returned 0x1d1338 [0246.406] free (_Block=0x1d1338) [0246.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xace [0246.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xace [0246.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.407] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xace, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xace, lpOverlapped=0x0) returned 1 [0246.419] malloc (_Size=0x8c) returned 0x1d1338 [0246.419] malloc (_Size=0xfc) returned 0x31d7c00 [0246.419] malloc (_Size=0x40) returned 0x1d14e8 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.419] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.420] malloc (_Size=0x40) returned 0x1d7470 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] GetCurrentThreadId () returned 0x1130 [0246.420] malloc (_Size=0xc) returned 0x31e1d18 [0246.420] malloc (_Size=0x720) returned 0x31d2860 [0246.420] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.420] free (_Block=0x31d2860) [0246.420] malloc (_Size=0x13a4) returned 0x1da8f0 [0246.421] free (_Block=0x1d9aa8) [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] free (_Block=0x31e40b0) [0246.421] free (_Block=0x1d14e8) [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.421] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] GetCurrentThreadId () returned 0x1130 [0246.422] free (_Block=0x1da8f0) [0246.422] free (_Block=0x31e1d18) [0246.422] free (_Block=0x1d7470) [0246.422] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b72d8*, nNumberOfBytesToWrite=0xeba, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b72d8*, lpNumberOfBytesWritten=0x19fbbc*=0xeba, lpOverlapped=0x0) returned 1 [0246.424] free (_Block=0x31d7c00) [0246.424] free (_Block=0x1d1338) [0246.424] CloseHandle (hObject=0x2b4) returned 1 [0246.424] CloseHandle (hObject=0x404) returned 1 [0246.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.424] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.425] SetLastError (dwErrCode=0x0) [0246.425] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", lpFilePart=0x19f9f8*="d508ba05-d8aa-2836-484d-3833d22fe185.xml") returned 0x62 [0246.425] GetLastError () returned 0x0 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.425] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.425] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml")) returned 1 [0246.459] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x1ac)) [0246.460] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.460] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.460] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.460] CloseHandle (hObject=0x404) returned 1 [0246.460] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d508ba05-d8aa-2836-484d-3833d22fe185.xml]omgp:[ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq]", cchWideChar=84, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 84 [0246.460] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d508ba05-d8aa-2836-484d-3833d22fe185.xml]omgp:[ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq]", cchWideChar=84, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 84 [0246.461] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d508ba05-d8aa-2836-484d-3833d22fe185.xml]omgp:[ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq]", cchWideChar=84, lpMultiByteStr=0x251e0e8, cbMultiByte=84, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[d508ba05-d8aa-2836-484d-3833d22fe185.xml]omgp:[ENoOeh*6m|1q|{vR+,Q?!WX\"{G\\!Tq] ÙQ\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 84 [0246.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM=") returned 172 [0246.469] GetCurrentThreadId () returned 0x1130 [0246.469] GetCurrentThreadId () returned 0x1130 [0246.469] GetCurrentThreadId () returned 0x1130 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.469] SetLastError (dwErrCode=0x0) [0246.469] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320") returned 0x85 [0246.469] GetLastError () returned 0x0 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.469] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.469] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].wannacash ncov v310320")) returned 0x20 [0246.470] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [571].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.470] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.470] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.470] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xeba [0246.470] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.470] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.470] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.471] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.471] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3") returned 197 [0246.471] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.471] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3") returned 197 [0246.471] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xeba [0246.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:usXBnYeDFOvs6XP21xBvdqNB8aE3iCkn3uYmK0+S2OcqKhYb1sMU0OGZkUMXKYHEx1r+UqKZ6+O4nId/RDmG+TDc5pIxwBKi5JnMZZgGuFr565gPzWMAlA2uyuu1dvRoM4NG/RTVAqFIRCZ96lo470ESWEh40DZSQ17RtOdjnxM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.471] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.471] CloseHandle (hObject=0x404) returned 1 [0246.471] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.471] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.471] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.471] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.472] SetLastError (dwErrCode=0x0) [0246.472] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", lpFilePart=0x19fa34*="d508ba05-d8aa-2836-484d-3833d22fe185.xml") returned 0x62 [0246.472] GetLastError () returned 0x0 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=8) returned 1 [0246.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml", cchCount2=4) returned 1 [0246.472] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.472] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml")) returned 0 [0246.472] GetLastError () returned 0x2 [0246.472] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\d508ba05-d8aa-2836-484d-3833d22fe185.xml")) returned 0xffffffff [0246.472] SetLastError (dwErrCode=0x2) [0246.472] GetLastError () returned 0x2 [0246.472] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.472] LocalFree (hMem=0x92fe20) returned 0x0 [0246.472] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.473] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.473] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml")) returned 0x20 [0246.474] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34137990161) returned 1 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!4q%Q4^z~RL.@khVg.9o?a|vsA`o3", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0246.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!4q%Q4^z~RL.@khVg.9o?a|vsA`o3", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0246.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!4q%Q4^z~RL.@khVg.9o?a|vsA`o3", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="!4q%Q4^z~RL.@khVg.9o?a|vsA`o3", lpUsedDefaultChar=0x0) returned 29 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] GetCurrentThreadId () returned 0x1130 [0246.474] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.474] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] GetCurrentThreadId () returned 0x1130 [0246.475] malloc (_Size=0x64) returned 0x1d1338 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] GetCurrentThreadId () returned 0x1130 [0246.476] free (_Block=0x1d1338) [0246.476] malloc (_Size=0x60) returned 0x1d1338 [0246.476] free (_Block=0x1d1338) [0246.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc77 [0246.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc77 [0246.477] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0246.477] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc77, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc77, lpOverlapped=0x0) returned 1 [0246.479] malloc (_Size=0x8c) returned 0x1d1338 [0246.479] malloc (_Size=0xfc) returned 0x31d78e8 [0246.479] malloc (_Size=0x40) returned 0x1d14e8 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] malloc (_Size=0xa5c) returned 0x31e40b0 [0246.479] malloc (_Size=0x40) returned 0x1d7470 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.479] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] malloc (_Size=0xc) returned 0x31e1d18 [0246.480] malloc (_Size=0x720) returned 0x31d2860 [0246.480] malloc (_Size=0xe3c) returned 0x1d9aa8 [0246.480] free (_Block=0x31d2860) [0246.480] malloc (_Size=0x15ac) returned 0x1da8f0 [0246.480] free (_Block=0x1d9aa8) [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.480] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] free (_Block=0x31e40b0) [0246.481] free (_Block=0x1d14e8) [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.481] GetCurrentThreadId () returned 0x1130 [0246.482] free (_Block=0x1da8f0) [0246.482] free (_Block=0x31e1d18) [0246.482] free (_Block=0x1d7470) [0246.482] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x1103, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1103, lpOverlapped=0x0) returned 1 [0246.483] free (_Block=0x31d78e8) [0246.483] free (_Block=0x1d1338) [0246.483] CloseHandle (hObject=0x2b4) returned 1 [0246.484] CloseHandle (hObject=0x404) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.484] SetLastError (dwErrCode=0x0) [0246.484] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", lpFilePart=0x19f9f8*="dc5bc54e-ee99-04c5-63a5-669bf0666354.xml") returned 0x62 [0246.484] GetLastError () returned 0x0 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.485] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.485] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml")) returned 1 [0246.486] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x16, wMilliseconds=0x1bc)) [0246.486] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0246.486] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0246.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0246.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0246.487] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0246.487] CloseHandle (hObject=0x404) returned 1 [0246.487] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[dc5bc54e-ee99-04c5-63a5-669bf0666354.xml]omgp:[!4q%Q4^z~RL.@khVg.9o?a|vsA`o3]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0246.487] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[dc5bc54e-ee99-04c5-63a5-669bf0666354.xml]omgp:[!4q%Q4^z~RL.@khVg.9o?a|vsA`o3]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0246.487] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[dc5bc54e-ee99-04c5-63a5-669bf0666354.xml]omgp:[!4q%Q4^z~RL.@khVg.9o?a|vsA`o3]", cchWideChar=83, lpMultiByteStr=0x251e148, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[dc5bc54e-ee99-04c5-63a5-669bf0666354.xml]omgp:[!4q%Q4^z~RL.@khVg.9o?a|vsA`o3]", lpUsedDefaultChar=0x0) returned 83 [0246.495] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0246.495] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U=") returned 172 [0246.495] GetCurrentThreadId () returned 0x1130 [0246.495] GetCurrentThreadId () returned 0x1130 [0246.495] GetCurrentThreadId () returned 0x1130 [0246.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.495] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.496] SetLastError (dwErrCode=0x0) [0246.496] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320") returned 0x85 [0246.496] GetLastError () returned 0x0 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0246.496] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0246.496] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.496] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].wannacash ncov v310320")) returned 0x20 [0246.496] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\Файл зашифрован. Пиши. Почта clubnika@elude.in [572].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0246.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0246.497] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.497] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1103 [0246.497] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0246.497] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0246.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.497] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.497] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3") returned 197 [0246.497] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0246.497] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3") returned 197 [0246.497] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1103 [0246.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.497] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0246.498] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FdjiejMrk919y7e6Jsu3gV90IC5+xHHkpCBI9eVQROLb5QxgFgR426Tfn4j/uF2uL89dIzuPXN/BxwfccAhi+HznxQwQ1ENgvnRzlVrQ/smieg0w7HLat4nbdR6H1J4zSosvUF5tYMLqY+CIF2PSDY7ISw/QXPr4jiPkituwU0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0246.498] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0246.498] CloseHandle (hObject=0x404) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.498] SetLastError (dwErrCode=0x0) [0246.498] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", lpFilePart=0x19fa34*="dc5bc54e-ee99-04c5-63a5-669bf0666354.xml") returned 0x62 [0246.498] GetLastError () returned 0x0 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=8) returned 1 [0246.498] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml", cchCount2=4) returned 1 [0246.499] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps")) returned 0x10 [0246.499] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml")) returned 0 [0246.499] GetLastError () returned 0x2 [0246.499] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\dc5bc54e-ee99-04c5-63a5-669bf0666354.xml")) returned 0xffffffff [0246.499] SetLastError (dwErrCode=0x2) [0246.499] GetLastError () returned 0x2 [0246.499] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0246.499] LocalFree (hMem=0x92fe20) returned 0x0 [0246.499] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0246.499] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0246.500] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\ClipSVC\\Archive\\Apps\\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\clipsvc\\archive\\apps\\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml")) returned 0x20 [0246.500] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34140592761) returned 1 [0246.500] GetCurrentThreadId () returned 0x1130 [0246.500] GetCurrentThreadId () returned 0x1130 [0246.500] GetCurrentThreadId () returned 0x1130 [0246.500] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="x`\\H#TE.^I8D5;vH9!mG.2upl3S}xh%R4XAeWk", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0247.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$cS\"4*r:Woy<;+h<;vVxoP8№T;N@6d>upl3S}xh%R4XAeWk", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0247.097] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="$cS\"4*r:Woy<;+h<;vVxoP8№T;N@6d>upl3S}xh%R4XAeWk", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$cS\"4*r:Woy<;+h<;vVxoP8â\x84\x96T;N@6d>upl3S}xh%R4XAeWk", lpUsedDefaultChar=0x0) returned 49 [0247.097] GetCurrentThreadId () returned 0x1130 [0247.097] GetCurrentThreadId () returned 0x1130 [0247.097] GetCurrentThreadId () returned 0x1130 [0247.097] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-09-26.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.097] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] GetCurrentThreadId () returned 0x1130 [0247.098] malloc (_Size=0x64) returned 0x1d1338 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] GetCurrentThreadId () returned 0x1130 [0247.099] free (_Block=0x1d1338) [0247.099] malloc (_Size=0x60) returned 0x1d1338 [0247.099] free (_Block=0x1d1338) [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c8e [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c8e [0247.099] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.099] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3c8e, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3c8e, lpOverlapped=0x0) returned 1 [0247.103] malloc (_Size=0x8c) returned 0x1d1338 [0247.103] malloc (_Size=0xfc) returned 0x31d7f18 [0247.103] malloc (_Size=0x40) returned 0x1d14e8 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] GetCurrentThreadId () returned 0x1130 [0247.103] malloc (_Size=0xa5c) returned 0x31e40b0 [0247.104] malloc (_Size=0x40) returned 0x1d7470 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] GetCurrentThreadId () returned 0x1130 [0247.104] malloc (_Size=0xc) returned 0x31e1ca0 [0247.104] malloc (_Size=0x720) returned 0x31d2860 [0247.104] malloc (_Size=0xe3c) returned 0x1d9aa8 [0247.104] free (_Block=0x31d2860) [0247.104] malloc (_Size=0x15ac) returned 0x1da8f0 [0247.104] free (_Block=0x1d9aa8) [0247.104] malloc (_Size=0x23e4) returned 0x1dbea8 [0247.104] free (_Block=0x1da8f0) [0247.104] malloc (_Size=0x3274) returned 0x3a60048 [0247.105] free (_Block=0x1dbea8) [0247.105] malloc (_Size=0x4820) returned 0x1d9aa8 [0247.105] free (_Block=0x3a60048) [0247.105] malloc (_Size=0x64e4) returned 0x3a60048 [0247.105] free (_Block=0x1d9aa8) [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] free (_Block=0x31e40b0) [0247.106] free (_Block=0x1d14e8) [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.106] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] GetCurrentThreadId () returned 0x1130 [0247.107] free (_Block=0x3a60048) [0247.107] free (_Block=0x31e1ca0) [0247.107] free (_Block=0x1d7470) [0247.108] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be208*, nNumberOfBytesToWrite=0x521c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be208*, lpNumberOfBytesWritten=0x19fbbc*=0x521c, lpOverlapped=0x0) returned 1 [0247.109] free (_Block=0x31d7f18) [0247.109] free (_Block=0x1d1338) [0247.109] CloseHandle (hObject=0x2b4) returned 1 [0247.110] CloseHandle (hObject=0x404) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.110] SetLastError (dwErrCode=0x0) [0247.110] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", lpFilePart=0x19f9f8*="energy-report-2017-09-26.xml") returned 0x5e [0247.110] GetLastError () returned 0x0 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.110] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.111] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.111] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-09-26.xml")) returned 1 [0247.112] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x17, wMilliseconds=0x45)) [0247.112] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0247.112] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0247.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0247.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.113] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0247.113] CloseHandle (hObject=0x404) returned 1 [0247.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-2017-09-26.xml]omgp:[$cS\"4*r:Woy<;+h<;vVxoP8№T;N@6d>upl3S}xh%R4XAeWk]", cchWideChar=89, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 89 [0247.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-2017-09-26.xml]omgp:[$cS\"4*r:Woy<;+h<;vVxoP8№T;N@6d>upl3S}xh%R4XAeWk]", cchWideChar=89, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 89 [0247.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-2017-09-26.xml]omgp:[$cS\"4*r:Woy<;+h<;vVxoP8№T;N@6d>upl3S}xh%R4XAeWk]", cchWideChar=89, lpMultiByteStr=0x253b180, cbMultiByte=89, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[energy-report-2017-09-26.xml]omgp:[$cS\"4*r:Woy<;+h<;vVxoP8?T;N@6d>upl3S}xh%R4XAeWk]", lpUsedDefaultChar=0x0) returned 89 [0247.217] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0247.217] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo=") returned 172 [0247.217] GetCurrentThreadId () returned 0x1130 [0247.217] GetCurrentThreadId () returned 0x1130 [0247.217] GetCurrentThreadId () returned 0x1130 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.217] SetLastError (dwErrCode=0x0) [0247.217] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320") returned 0x8d [0247.217] GetLastError () returned 0x0 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.217] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.218] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.218] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].wannacash ncov v310320")) returned 0x20 [0247.218] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [585].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0247.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.218] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x521c [0247.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.219] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3") returned 197 [0247.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.219] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3") returned 197 [0247.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x521c [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.219] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YIsMG1F1Xt10gNtnhpMWuvKBGskJJER/Khr4pIa8v38DYAoHC7R3YHbH7hpClh0yugkVkMBTlxEzyjy9ZV0EJY9I/irbUEaF8bFyHmAvSq4XR+Poipd+iqD8GJUfYuG0bWXNpbPgoYwcqUA36/ho+AChBRyCvLS9OjOQZ9yDXTo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.219] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0247.220] CloseHandle (hObject=0x404) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.220] SetLastError (dwErrCode=0x0) [0247.220] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", lpFilePart=0x19fa34*="energy-report-2017-09-26.xml") returned 0x5e [0247.220] GetLastError () returned 0x0 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=8) returned 1 [0247.220] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml", cchCount2=4) returned 1 [0247.220] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.221] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-09-26.xml")) returned 0 [0247.221] GetLastError () returned 0x2 [0247.221] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2017-09-26.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-2017-09-26.xml")) returned 0xffffffff [0247.221] SetLastError (dwErrCode=0x2) [0247.221] GetLastError () returned 0x2 [0247.221] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0247.221] LocalFree (hMem=0x92fe20) returned 0x0 [0247.221] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0247.221] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0247.222] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 0x20 [0247.222] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34212801301) returned 1 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+dG5C$nz=zB:1+K|z=6h№*R7$2L^n", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0247.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+dG5C$nz=zB:1+K|z=6h№*R7$2L^n", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0247.222] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="+dG5C$nz=zB:1+K|z=6h№*R7$2L^n", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="+dG5C$nz=zB:1+K|z=6hâ\x84\x96*R7$2L^n", lpUsedDefaultChar=0x0) returned 31 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] GetCurrentThreadId () returned 0x1130 [0247.222] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.222] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.223] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] malloc (_Size=0x64) returned 0x1d1338 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] GetCurrentThreadId () returned 0x1130 [0247.224] free (_Block=0x1d1338) [0247.224] malloc (_Size=0x60) returned 0x1d1338 [0247.224] free (_Block=0x1d1338) [0247.224] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.224] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c8e [0247.224] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.224] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c8e [0247.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.225] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3c8e, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3c8e, lpOverlapped=0x0) returned 1 [0247.227] malloc (_Size=0x8c) returned 0x1d1338 [0247.227] malloc (_Size=0xfc) returned 0x31d7e10 [0247.227] malloc (_Size=0x40) returned 0x1d14e8 [0247.227] GetCurrentThreadId () returned 0x1130 [0247.227] GetCurrentThreadId () returned 0x1130 [0247.227] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] malloc (_Size=0xa5c) returned 0x31e40b0 [0247.228] malloc (_Size=0x40) returned 0x1d7470 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] GetCurrentThreadId () returned 0x1130 [0247.228] malloc (_Size=0xc) returned 0x31e1ca0 [0247.228] malloc (_Size=0x720) returned 0x31d2860 [0247.229] malloc (_Size=0xe3c) returned 0x1d9aa8 [0247.229] free (_Block=0x31d2860) [0247.229] malloc (_Size=0x15ac) returned 0x1da8f0 [0247.229] free (_Block=0x1d9aa8) [0247.229] malloc (_Size=0x23e4) returned 0x1dbea8 [0247.229] free (_Block=0x1da8f0) [0247.230] malloc (_Size=0x3274) returned 0x3a60048 [0247.230] free (_Block=0x1dbea8) [0247.230] malloc (_Size=0x4820) returned 0x1d9aa8 [0247.230] free (_Block=0x3a60048) [0247.230] malloc (_Size=0x64e4) returned 0x3a60048 [0247.230] free (_Block=0x1d9aa8) [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] free (_Block=0x31e40b0) [0247.231] free (_Block=0x1d14e8) [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.231] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] GetCurrentThreadId () returned 0x1130 [0247.232] free (_Block=0x3a60048) [0247.233] free (_Block=0x31e1ca0) [0247.233] free (_Block=0x1d7470) [0247.233] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be208*, nNumberOfBytesToWrite=0x521c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be208*, lpNumberOfBytesWritten=0x19fbbc*=0x521c, lpOverlapped=0x0) returned 1 [0247.234] free (_Block=0x31d7e10) [0247.234] free (_Block=0x1d1338) [0247.234] CloseHandle (hObject=0x2b4) returned 1 [0247.234] CloseHandle (hObject=0x404) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.235] SetLastError (dwErrCode=0x0) [0247.235] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", lpFilePart=0x19f9f8*="energy-report-latest.xml") returned 0x5a [0247.235] GetLastError () returned 0x0 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.235] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.235] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 1 [0247.237] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x17, wMilliseconds=0xc2)) [0247.237] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0247.237] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0247.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.237] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0247.238] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.238] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0247.238] CloseHandle (hObject=0x404) returned 1 [0247.238] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-latest.xml]omgp:[+dG5C$nz=zB:1+K|z=6h№*R7$2L^n]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0247.238] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-latest.xml]omgp:[+dG5C$nz=zB:1+K|z=6h№*R7$2L^n]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0247.238] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report-latest.xml]omgp:[+dG5C$nz=zB:1+K|z=6h№*R7$2L^n]", cchWideChar=67, lpMultiByteStr=0x2541d78, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[energy-report-latest.xml]omgp:[+dG5C$nz=zB:1+K|z=6h?*R7$2L^n]", lpUsedDefaultChar=0x0) returned 67 [0247.247] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0247.247] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg=") returned 172 [0247.247] GetCurrentThreadId () returned 0x1130 [0247.247] GetCurrentThreadId () returned 0x1130 [0247.247] GetCurrentThreadId () returned 0x1130 [0247.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.247] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.248] SetLastError (dwErrCode=0x0) [0247.248] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320") returned 0x8d [0247.248] GetLastError () returned 0x0 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.248] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.248] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.249] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].wannacash ncov v310320")) returned 0x20 [0247.249] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [586].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.249] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0247.249] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.249] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x521c [0247.249] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.249] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0247.249] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.250] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.250] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3") returned 197 [0247.250] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.250] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3") returned 197 [0247.250] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x521c [0247.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.250] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:syXv+DeSbE1H8Srz6KSmhJUfE4tsy4o96u1CMOLwD2+8mEAtgkZm1yUm68YHOrAonddSo2pyBNUG5VFwl7n837LcSZ9j36jiiFRdpA/fotDC1/wgphCpVgL9hlYyUm4E6MWa7AXMg3k19eD68G0QhINBmgpIYId20kflNalB5Dg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.250] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0247.250] CloseHandle (hObject=0x404) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.251] SetLastError (dwErrCode=0x0) [0247.251] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", lpFilePart=0x19fa34*="energy-report-latest.xml") returned 0x5a [0247.251] GetLastError () returned 0x0 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=8) returned 1 [0247.251] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml", cchCount2=4) returned 1 [0247.251] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.251] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 0 [0247.252] GetLastError () returned 0x2 [0247.252] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report-latest.xml")) returned 0xffffffff [0247.252] SetLastError (dwErrCode=0x2) [0247.252] GetLastError () returned 0x2 [0247.252] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0247.252] LocalFree (hMem=0x92fe20) returned 0x0 [0247.252] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0247.252] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0247.252] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 0x20 [0247.313] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34221887359) returned 1 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")v)@33mh6~>bO1Lzi-l)?Fcnp^H`%", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0247.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")v)@33mh6~>bO1Lzi-l)?Fcnp^H`%", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0247.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")v)@33mh6~>bO1Lzi-l)?Fcnp^H`%", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=")v)@33mh6~>bO1Lzi-l)?Fcnp^H`%", lpUsedDefaultChar=0x0) returned 29 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] GetCurrentThreadId () returned 0x1130 [0247.313] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.313] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.314] GetCurrentThreadId () returned 0x1130 [0247.315] malloc (_Size=0x64) returned 0x1d1338 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] GetCurrentThreadId () returned 0x1130 [0247.315] free (_Block=0x1d1338) [0247.315] malloc (_Size=0x60) returned 0x1d1338 [0247.315] free (_Block=0x1d1338) [0247.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3641 [0247.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.316] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3641 [0247.316] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.316] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3641, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3641, lpOverlapped=0x0) returned 1 [0247.318] malloc (_Size=0x8c) returned 0x1d1338 [0247.318] malloc (_Size=0xfc) returned 0x31d76d8 [0247.318] malloc (_Size=0x40) returned 0x1d14e8 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.318] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] malloc (_Size=0xa5c) returned 0x31e40b0 [0247.319] malloc (_Size=0x40) returned 0x1d7470 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] GetCurrentThreadId () returned 0x1130 [0247.319] malloc (_Size=0xc) returned 0x31e1eb0 [0247.319] malloc (_Size=0x720) returned 0x31d2860 [0247.319] malloc (_Size=0xe3c) returned 0x1d9aa8 [0247.320] free (_Block=0x31d2860) [0247.320] malloc (_Size=0x15ac) returned 0x1da8f0 [0247.320] free (_Block=0x1d9aa8) [0247.320] malloc (_Size=0x23e4) returned 0x1dbea8 [0247.320] free (_Block=0x1da8f0) [0247.320] malloc (_Size=0x3274) returned 0x3a60048 [0247.321] free (_Block=0x1dbea8) [0247.321] malloc (_Size=0x4820) returned 0x1d9aa8 [0247.321] free (_Block=0x3a60048) [0247.321] malloc (_Size=0x6230) returned 0x3a60048 [0247.322] free (_Block=0x1d9aa8) [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.322] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] free (_Block=0x31e40b0) [0247.323] free (_Block=0x1d14e8) [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.323] GetCurrentThreadId () returned 0x1130 [0247.324] GetCurrentThreadId () returned 0x1130 [0247.324] GetCurrentThreadId () returned 0x1130 [0247.324] GetCurrentThreadId () returned 0x1130 [0247.324] free (_Block=0x3a60048) [0247.324] free (_Block=0x31e1eb0) [0247.324] free (_Block=0x1d7470) [0247.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd608*, nNumberOfBytesToWrite=0x49a2, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd608*, lpNumberOfBytesWritten=0x19fbbc*=0x49a2, lpOverlapped=0x0) returned 1 [0247.326] free (_Block=0x31d76d8) [0247.327] free (_Block=0x1d1338) [0247.327] CloseHandle (hObject=0x2b4) returned 1 [0247.327] CloseHandle (hObject=0x404) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.328] SetLastError (dwErrCode=0x0) [0247.328] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", lpFilePart=0x19f9f8*="energy-report.html") returned 0x54 [0247.328] GetLastError () returned 0x0 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.328] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.328] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.328] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 1 [0247.330] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x17, wMilliseconds=0x120)) [0247.330] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0247.330] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.331] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0247.331] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.331] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0247.331] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.331] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0247.331] CloseHandle (hObject=0x404) returned 1 [0247.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report.html]omgp:[)v)@33mh6~>bO1Lzi-l)?Fcnp^H`%]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0247.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report.html]omgp:[)v)@33mh6~>bO1Lzi-l)?Fcnp^H`%]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0247.331] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[energy-report.html]omgp:[)v)@33mh6~>bO1Lzi-l)?Fcnp^H`%]", cchWideChar=61, lpMultiByteStr=0x2541be8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[energy-report.html]omgp:[)v)@33mh6~>bO1Lzi-l)?Fcnp^H`%]", lpUsedDefaultChar=0x0) returned 61 [0247.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0247.341] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE=") returned 172 [0247.341] GetCurrentThreadId () returned 0x1130 [0247.341] GetCurrentThreadId () returned 0x1130 [0247.341] GetCurrentThreadId () returned 0x1130 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.341] SetLastError (dwErrCode=0x0) [0247.341] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320") returned 0x8d [0247.341] GetLastError () returned 0x0 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.341] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.342] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].wannacash ncov v310320")) returned 0x20 [0247.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\Файл зашифрован. Пиши. Почта clubnika@elude.in [587].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0247.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x49a2 [0247.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.342] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0247.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3") returned 197 [0247.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3") returned 197 [0247.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x49a2 [0247.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e8l5lv71X3LDmtL+0JaB9VHvXMkK0q3qfFhFEH6q2uxMSxFLX83C4G470ph8MvoQQOC5Fmw0AC4FPJnlSkqlzqVvKQs+S9bHoVqvimu31O4ML6Tt3PkBVwuiqqhOUhik9Nqv0xc7vSuYYbbJocQlykNjJn6rqaT9rMm4ZF8xJlE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.343] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0247.343] CloseHandle (hObject=0x404) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.344] SetLastError (dwErrCode=0x0) [0247.344] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", lpFilePart=0x19fa34*="energy-report.html") returned 0x54 [0247.344] GetLastError () returned 0x0 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=8) returned 1 [0247.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", cchCount2=4) returned 1 [0247.344] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics")) returned 0x10 [0247.344] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 0 [0247.344] GetLastError () returned 0x2 [0247.344] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html")) returned 0xffffffff [0247.345] SetLastError (dwErrCode=0x2) [0247.345] GetLastError () returned 0x2 [0247.345] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0247.345] LocalFree (hMem=0x92fe20) returned 0x0 [0247.345] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0247.345] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0247.345] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\sleepstudy-report-latest.xml")) returned 0x20 [0247.391] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34229713323) returned 1 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0247.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0247.391] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R", cchWideChar=40, lpMultiByteStr=0x2524fd0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R", lpUsedDefaultChar=0x0) returned 40 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] GetCurrentThreadId () returned 0x1130 [0247.391] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\sleepstudy-report-latest.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.392] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.402] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] malloc (_Size=0x64) returned 0x1d1338 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] GetCurrentThreadId () returned 0x1130 [0247.403] free (_Block=0x1d1338) [0247.403] malloc (_Size=0x60) returned 0x1d1338 [0247.403] free (_Block=0x1d1338) [0247.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6229 [0247.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6229 [0247.404] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0247.404] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x6229, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x6229, lpOverlapped=0x0) returned 1 [0247.406] malloc (_Size=0x8c) returned 0x1d1338 [0247.406] malloc (_Size=0xfc) returned 0x31d79f0 [0247.406] malloc (_Size=0x40) returned 0x1d14e8 [0247.406] GetCurrentThreadId () returned 0x1130 [0247.406] GetCurrentThreadId () returned 0x1130 [0247.406] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] malloc (_Size=0xa5c) returned 0x31e40b0 [0247.407] malloc (_Size=0x40) returned 0x1d7470 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] GetCurrentThreadId () returned 0x1130 [0247.407] malloc (_Size=0xc) returned 0x31e1ca0 [0247.408] malloc (_Size=0x720) returned 0x31d2860 [0247.408] malloc (_Size=0xe3c) returned 0x1d9aa8 [0247.408] free (_Block=0x31d2860) [0247.408] malloc (_Size=0x15ac) returned 0x1da8f0 [0247.408] free (_Block=0x1d9aa8) [0247.408] malloc (_Size=0x23e4) returned 0x1dbea8 [0247.409] free (_Block=0x1da8f0) [0247.409] malloc (_Size=0x3274) returned 0x3a60048 [0247.409] free (_Block=0x1dbea8) [0247.409] malloc (_Size=0x4820) returned 0x1d9aa8 [0247.409] free (_Block=0x3a60048) [0247.409] malloc (_Size=0x64e4) returned 0x3a60048 [0247.409] free (_Block=0x1d9aa8) [0247.410] malloc (_Size=0x8920) returned 0x3a66538 [0247.410] free (_Block=0x3a60048) [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] free (_Block=0x31e40b0) [0247.412] free (_Block=0x1d14e8) [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.412] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] GetCurrentThreadId () returned 0x1130 [0247.413] free (_Block=0x3a66538) [0247.414] free (_Block=0x31e1ca0) [0247.414] free (_Block=0x1d7470) [0247.414] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c2e08*, nNumberOfBytesToWrite=0x850c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c2e08*, lpNumberOfBytesWritten=0x19fbbc*=0x850c, lpOverlapped=0x0) returned 1 [0247.416] free (_Block=0x31d79f0) [0247.416] free (_Block=0x1d1338) [0247.416] CloseHandle (hObject=0x2b4) returned 1 [0247.417] CloseHandle (hObject=0x404) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.417] SetLastError (dwErrCode=0x0) [0247.417] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", lpFilePart=0x19f9f8*="sleepstudy-report-latest.xml") returned 0x4c [0247.417] GetLastError () returned 0x0 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.417] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy")) returned 0x10 [0247.418] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\sleepstudy-report-latest.xml")) returned 1 [0247.419] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x17, wMilliseconds=0x17e)) [0247.419] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0247.419] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0247.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0247.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0247.420] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0247.421] CloseHandle (hObject=0x404) returned 1 [0247.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sleepstudy-report-latest.xml]omgp:[!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R]", cchWideChar=82, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0247.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sleepstudy-report-latest.xml]omgp:[!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R]", cchWideChar=82, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 82 [0247.421] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sleepstudy-report-latest.xml]omgp:[!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R]", cchWideChar=82, lpMultiByteStr=0x251e148, cbMultiByte=82, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[sleepstudy-report-latest.xml]omgp:[!U`)YXi$G/boyCM;~SxRglH|glEW>9&onx,-6N:R]", lpUsedDefaultChar=0x0) returned 82 [0247.432] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0247.432] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ=") returned 172 [0247.432] GetCurrentThreadId () returned 0x1130 [0247.432] GetCurrentThreadId () returned 0x1130 [0247.432] GetCurrentThreadId () returned 0x1130 [0247.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.432] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.433] SetLastError (dwErrCode=0x0) [0247.433] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320") returned 0x7b [0247.433] GetLastError () returned 0x0 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0247.433] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0247.433] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy")) returned 0x10 [0247.433] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].wannacash ncov v310320")) returned 0x20 [0247.433] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].WANNACASH NCOV v310320" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\Файл зашифрован. Пиши. Почта clubnika@elude.in [588].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0247.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0247.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x850c [0247.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0247.434] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0247.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.434] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.434] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.434] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3") returned 197 [0247.435] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0247.435] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3") returned 197 [0247.435] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x850c [0247.435] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.435] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0247.435] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uW/VVWLcO5cXVSUlE88/P5z1WtRVc0kyIvAu3ttjqDejgzqrziuAUm/vdly7VK3OdcRmeCqp24KVnFFWni0BF38+Zbx5ueNRH4Oz60kmaEIWbwPiyJh6KMH8CdAS6DAOC5RQsSdlJvbq/TLBDfQC7KPWyFuiOx83uZRpiFVANXQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0247.435] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0247.435] CloseHandle (hObject=0x404) returned 1 [0247.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.436] SetLastError (dwErrCode=0x0) [0247.436] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", lpFilePart=0x19fa34*="sleepstudy-report-latest.xml") returned 0x4c [0247.436] GetLastError () returned 0x0 [0247.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=8) returned 1 [0247.436] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml", cchCount2=4) returned 1 [0247.436] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy")) returned 0x10 [0247.436] DeleteFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\sleepstudy-report-latest.xml")) returned 0 [0247.436] GetLastError () returned 0x2 [0247.436] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\SleepStudy\\sleepstudy-report-latest.xml" (normalized: "c:\\users\\all users\\microsoft\\windows\\sleepstudy\\sleepstudy-report-latest.xml")) returned 0xffffffff [0247.436] SetLastError (dwErrCode=0x2) [0247.436] GetLastError () returned 0x2 [0247.436] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0247.436] LocalFree (hMem=0x92fe20) returned 0x0 [0247.436] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0247.437] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0247.437] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Office 2016 Tools\\Database Compare 2016.lnk" (normalized: "c:\\users\\all users\\microsoft\\windows\\start menu\\programs\\microsoft office 2016 tools\\database compare 2016.lnk")) returned 0x20 [0247.475] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34238120454) returned 1 [0247.475] GetCurrentThreadId () returned 0x1130 [0247.475] GetCurrentThreadId () returned 0x1130 [0247.475] GetCurrentThreadId () returned 0x1130 [0247.475] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=">sRx3LVabZj~U.|№HcRx3LVabZj~U.|№HcRx3LVabZj~U.|№HcRx3LVabZj~U.|â\x84\x96HcRx3LVabZj~U.|№HcRx3LVabZj~U.|№HcRx3LVabZj~U.|№HcRx3LVabZj~U.|?Hc{K№?3v&FT{K^z", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0252.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#ef;!S!.Q_fq\"hE->{K№?3v&FT{K^z", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0252.298] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#ef;!S!.Q_fq\"hE->{K№?3v&FT{K^z", cchWideChar=30, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="#ef;!S!.Q_fq\"hE->{Kâ\x84\x96?3v&FT{K^z", lpUsedDefaultChar=0x0) returned 32 [0252.298] GetCurrentThreadId () returned 0x1130 [0252.298] GetCurrentThreadId () returned 0x1130 [0252.298] GetCurrentThreadId () returned 0x1130 [0252.298] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.298] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] malloc (_Size=0x64) returned 0x1d1338 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.299] GetCurrentThreadId () returned 0x1130 [0252.300] GetCurrentThreadId () returned 0x1130 [0252.300] GetCurrentThreadId () returned 0x1130 [0252.300] GetCurrentThreadId () returned 0x1130 [0252.300] free (_Block=0x1d1338) [0252.300] malloc (_Size=0x60) returned 0x1d1338 [0252.300] free (_Block=0x1d1338) [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc8d [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc8d [0252.300] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.300] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xc8d, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xc8d, lpOverlapped=0x0) returned 1 [0252.327] malloc (_Size=0x8c) returned 0x1d1338 [0252.327] malloc (_Size=0xfc) returned 0x31d74c8 [0252.327] malloc (_Size=0x40) returned 0x1d14e8 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] GetCurrentThreadId () returned 0x1130 [0252.327] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.327] malloc (_Size=0x40) returned 0x1d7470 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] GetCurrentThreadId () returned 0x1130 [0252.328] malloc (_Size=0xc) returned 0x31e1dc0 [0252.328] malloc (_Size=0x720) returned 0x31d2860 [0252.328] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.329] free (_Block=0x31d2860) [0252.329] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.329] free (_Block=0x1d9aa8) [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] GetCurrentThreadId () returned 0x1130 [0252.329] free (_Block=0x31e40b0) [0252.330] free (_Block=0x1d14e8) [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] GetCurrentThreadId () returned 0x1130 [0252.330] free (_Block=0x1da8f0) [0252.330] free (_Block=0x31e1dc0) [0252.331] free (_Block=0x1d7470) [0252.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b74d8*, nNumberOfBytesToWrite=0x111c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b74d8*, lpNumberOfBytesWritten=0x19fbbc*=0x111c, lpOverlapped=0x0) returned 1 [0252.332] free (_Block=0x31d74c8) [0252.332] free (_Block=0x1d1338) [0252.332] CloseHandle (hObject=0x2b4) returned 1 [0252.332] CloseHandle (hObject=0x404) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.332] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.332] SetLastError (dwErrCode=0x0) [0252.333] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", lpFilePart=0x19f9f8*="icon_128.png") returned 0x7c [0252.333] GetLastError () returned 0x0 [0252.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.333] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.333] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 1 [0252.334] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x124)) [0252.335] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.335] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.335] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.335] CloseHandle (hObject=0x404) returned 1 [0252.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_128.png]omgp:[#ef;!S!.Q_fq\"hE->{K№?3v&FT{K^z]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0252.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_128.png]omgp:[#ef;!S!.Q_fq\"hE->{K№?3v&FT{K^z]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0252.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_128.png]omgp:[#ef;!S!.Q_fq\"hE->{K№?3v&FT{K^z]", cchWideChar=56, lpMultiByteStr=0x2516b18, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[icon_128.png]omgp:[#ef;!S!.Q_fq\"hE->{K??3v&FT{K^z]", lpUsedDefaultChar=0x0) returned 56 [0252.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw=") returned 172 [0252.342] GetCurrentThreadId () returned 0x1130 [0252.342] GetCurrentThreadId () returned 0x1130 [0252.342] GetCurrentThreadId () returned 0x1130 [0252.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.343] SetLastError (dwErrCode=0x0) [0252.343] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320") returned 0xbb [0252.343] GetLastError () returned 0x0 [0252.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.343] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.343] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].wannacash ncov v310320")) returned 0x20 [0252.343] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [618].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.344] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x111c [0252.344] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.344] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3") returned 197 [0252.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3") returned 197 [0252.344] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x111c [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cxjk/S87a3Qb7KET0hQT87Jd5Z8dpBdSKYv83mthJx7wltuArQt/ghARDnEOfUdRVAUTpWnL0DkO0ea+Mt/b+jYhfkkjQkM84i7wIh9nNBoNXxhLggS0bf8wnifzX+j1CGGdkw7Z2PmGRBPs0ate93slvVnjipigOByi815aqzw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.344] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.344] CloseHandle (hObject=0x404) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.345] SetLastError (dwErrCode=0x0) [0252.345] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", lpFilePart=0x19fa34*="icon_128.png") returned 0x7c [0252.345] GetLastError () returned 0x0 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=8) returned 1 [0252.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", cchCount2=4) returned 1 [0252.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.345] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 0 [0252.345] GetLastError () returned 0x2 [0252.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png")) returned 0xffffffff [0252.345] SetLastError (dwErrCode=0x2) [0252.345] GetLastError () returned 0x2 [0252.345] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.345] LocalFree (hMem=0x92fe20) returned 0x0 [0252.346] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.346] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.346] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 0x20 [0252.347] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34725299894) returned 1 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0252.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0252.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<", lpUsedDefaultChar=0x0) returned 45 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] GetCurrentThreadId () returned 0x1130 [0252.347] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.347] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] malloc (_Size=0x64) returned 0x1d1338 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.348] GetCurrentThreadId () returned 0x1130 [0252.349] GetCurrentThreadId () returned 0x1130 [0252.349] free (_Block=0x1d1338) [0252.349] malloc (_Size=0x60) returned 0x1d1338 [0252.349] free (_Block=0x1d1338) [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8f [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8f [0252.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.349] ReadFile (in: hFile=0x404, lpBuffer=0x243e988, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x243e988*, lpNumberOfBytesRead=0x19fbc8*=0x8f, lpOverlapped=0x0) returned 1 [0252.350] malloc (_Size=0x8c) returned 0x1d1338 [0252.350] malloc (_Size=0xfc) returned 0x31d73c0 [0252.350] malloc (_Size=0x40) returned 0x1d14e8 [0252.350] GetCurrentThreadId () returned 0x1130 [0252.350] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.351] malloc (_Size=0x40) returned 0x1d7470 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] malloc (_Size=0xc) returned 0x31e1dc0 [0252.351] malloc (_Size=0x108) returned 0x1d74b8 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.351] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] free (_Block=0x31e40b0) [0252.352] free (_Block=0x1d14e8) [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.352] GetCurrentThreadId () returned 0x1130 [0252.353] GetCurrentThreadId () returned 0x1130 [0252.353] GetCurrentThreadId () returned 0x1130 [0252.353] GetCurrentThreadId () returned 0x1130 [0252.353] free (_Block=0x1d74b8) [0252.353] free (_Block=0x31e1dc0) [0252.353] free (_Block=0x1d7470) [0252.353] WriteFile (in: hFile=0x2b4, lpBuffer=0x24b5e68*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24b5e68*, lpNumberOfBytesWritten=0x19fbbc*=0xdc, lpOverlapped=0x0) returned 1 [0252.354] free (_Block=0x31d73c0) [0252.354] free (_Block=0x1d1338) [0252.354] CloseHandle (hObject=0x2b4) returned 1 [0252.354] CloseHandle (hObject=0x404) returned 1 [0252.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.354] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.355] SetLastError (dwErrCode=0x0) [0252.355] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", lpFilePart=0x19f9f8*="icon_16.png") returned 0x7b [0252.355] GetLastError () returned 0x0 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.355] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.355] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.355] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 1 [0252.356] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x143)) [0252.356] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.356] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.357] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.357] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.357] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.357] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.357] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.357] CloseHandle (hObject=0x404) returned 1 [0252.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0252.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0252.357] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<]", cchWideChar=70, lpMultiByteStr=0x252c6b0, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[icon_16.png]omgp:[MmAdr2:R`;B2P?6\"2T*<8YYx$Vk).b^_)AB+*wtr*X@e<]", lpUsedDefaultChar=0x0) returned 70 [0252.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.363] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA=") returned 172 [0252.363] GetCurrentThreadId () returned 0x1130 [0252.363] GetCurrentThreadId () returned 0x1130 [0252.363] GetCurrentThreadId () returned 0x1130 [0252.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.363] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.364] SetLastError (dwErrCode=0x0) [0252.364] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320") returned 0xbb [0252.364] GetLastError () returned 0x0 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.364] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.364] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].wannacash ncov v310320")) returned 0x20 [0252.364] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [619].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.364] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xdc [0252.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.365] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.365] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.365] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3") returned 197 [0252.365] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.365] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3") returned 197 [0252.365] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xdc [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.365] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UtLAyrU6ptQXgmob2qWS7VcmCK3DJqWgBzC1gPZmzwxmy84Qhd03JysHWHMQPeSDPdyvlqpm5EMFXE41/UgEkNUD4SMHB7hEIHpSI2q08lGahEUZpcMNPsb4L5vMjQRqPOIWq8bY/9CQydk/fpTUMpEEEVl2zXbkpw0lqVpFUAA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.365] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.365] CloseHandle (hObject=0x404) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.366] SetLastError (dwErrCode=0x0) [0252.366] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", lpFilePart=0x19fa34*="icon_16.png") returned 0x7b [0252.366] GetLastError () returned 0x0 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=8) returned 1 [0252.366] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", cchCount2=4) returned 1 [0252.366] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.366] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 0 [0252.366] GetLastError () returned 0x2 [0252.366] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png")) returned 0xffffffff [0252.366] SetLastError (dwErrCode=0x2) [0252.366] GetLastError () returned 0x2 [0252.366] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.366] LocalFree (hMem=0x92fe20) returned 0x0 [0252.367] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.367] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.367] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 0x20 [0252.367] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34727328548) returned 1 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0252.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0252.367] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)", cchWideChar=49, lpMultiByteStr=0x2516b18, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6^{kzXHI<6+B98!@gXâ\x84\x96Y9â\x84\x96B7t=BxX(;}%JkO\\OY{,Oyq&^d4)", lpUsedDefaultChar=0x0) returned 53 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.367] GetCurrentThreadId () returned 0x1130 [0252.368] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.368] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.394] GetCurrentThreadId () returned 0x1130 [0252.395] malloc (_Size=0x64) returned 0x1d1338 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] GetCurrentThreadId () returned 0x1130 [0252.395] free (_Block=0x1d1338) [0252.395] malloc (_Size=0x60) returned 0x1d1338 [0252.395] free (_Block=0x1d1338) [0252.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5c [0252.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.396] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5c [0252.396] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.396] ReadFile (in: hFile=0x404, lpBuffer=0x253b0b0, nNumberOfBytesToRead=0x5c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x253b0b0*, lpNumberOfBytesRead=0x19fbc8*=0x5c, lpOverlapped=0x0) returned 1 [0252.397] malloc (_Size=0x8c) returned 0x1d1338 [0252.398] malloc (_Size=0xfc) returned 0x31d78e8 [0252.398] malloc (_Size=0x40) returned 0x1d14e8 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.398] malloc (_Size=0x40) returned 0x1d7470 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.398] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] malloc (_Size=0xc) returned 0x31e1dc0 [0252.399] malloc (_Size=0xb0) returned 0x1d74b8 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.399] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] free (_Block=0x31e40b0) [0252.400] free (_Block=0x1d14e8) [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.400] GetCurrentThreadId () returned 0x1130 [0252.401] GetCurrentThreadId () returned 0x1130 [0252.401] GetCurrentThreadId () returned 0x1130 [0252.401] free (_Block=0x1d74b8) [0252.401] free (_Block=0x31e1dc0) [0252.401] free (_Block=0x1d7470) [0252.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x24c9758*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24c9758*, lpNumberOfBytesWritten=0x19fbbc*=0x9b, lpOverlapped=0x0) returned 1 [0252.402] free (_Block=0x31d78e8) [0252.402] free (_Block=0x1d1338) [0252.402] CloseHandle (hObject=0x2b4) returned 1 [0252.403] CloseHandle (hObject=0x404) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.403] SetLastError (dwErrCode=0x0) [0252.403] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", lpFilePart=0x19f9f8*="main.html") returned 0x79 [0252.403] GetLastError () returned 0x0 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.403] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.403] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 1 [0252.405] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x172)) [0252.405] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.405] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.405] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.405] CloseHandle (hObject=0x404) returned 1 [0252.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.html]omgp:[6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0252.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.html]omgp:[6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0252.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.html]omgp:[6^{kzXHI<6+B98!@gX№Y9№B7t=BxX(;}%JkO\\OY{,Oyq&^d4)]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[main.html]omgp:[6^{kzXHI<6+B98!@gX?Y9?B7t=BxX(;}%JkO\\OY{,Oyq&^d4)]", lpUsedDefaultChar=0x0) returned 72 [0252.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.414] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8=") returned 172 [0252.414] GetCurrentThreadId () returned 0x1130 [0252.414] GetCurrentThreadId () returned 0x1130 [0252.414] GetCurrentThreadId () returned 0x1130 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.414] SetLastError (dwErrCode=0x0) [0252.414] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320") returned 0xbb [0252.414] GetLastError () returned 0x0 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.415] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.415] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].wannacash ncov v310320")) returned 0x20 [0252.415] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [620].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.415] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.415] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.415] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x9b [0252.416] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.416] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.416] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.416] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3") returned 197 [0252.416] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.416] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3") returned 197 [0252.416] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x9b [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.416] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yzR3WmYHkebAJCF45DLw5N2vy1bId+0wd8es2n6X2IWnIU/fClQpmcKr/Yz3nrSntfP8k0LiWK4xNCmldhB2ZjbODDKQUxAc4eHfHApqJPbAOCqBk2OOW11j5ofk4rpisIsoHTZvqJHSsRs2aDUqC2VRszfd/bQCm1ooQt99WH8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.416] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.417] CloseHandle (hObject=0x404) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.417] SetLastError (dwErrCode=0x0) [0252.417] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", lpFilePart=0x19fa34*="main.html") returned 0x79 [0252.417] GetLastError () returned 0x0 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=8) returned 1 [0252.417] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", cchCount2=4) returned 1 [0252.417] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.417] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 0 [0252.418] GetLastError () returned 0x2 [0252.418] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html")) returned 0xffffffff [0252.418] SetLastError (dwErrCode=0x2) [0252.418] GetLastError () returned 0x2 [0252.418] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.418] LocalFree (hMem=0x92fe20) returned 0x0 [0252.418] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.418] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.418] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 0x20 [0252.419] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34732481694) returned 1 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N8|;MNB`>\"(WiMZz/17.X,J_>DQu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0252.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N8|;MNB`>\"(WiMZz/17.X,J_>DQu", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0252.419] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="N8|;MNB`>\"(WiMZz/17.X,J_>DQu", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="N8|;MNB`>\"(WiMZz/17.X,J_>DQu\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] GetCurrentThreadId () returned 0x1130 [0252.419] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.419] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] GetCurrentThreadId () returned 0x1130 [0252.420] malloc (_Size=0x64) returned 0x1d1338 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] GetCurrentThreadId () returned 0x1130 [0252.421] free (_Block=0x1d1338) [0252.421] malloc (_Size=0x60) returned 0x1d1338 [0252.421] free (_Block=0x1d1338) [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5b [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5b [0252.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.421] ReadFile (in: hFile=0x404, lpBuffer=0x253b0b0, nNumberOfBytesToRead=0x5b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x253b0b0*, lpNumberOfBytesRead=0x19fbc8*=0x5b, lpOverlapped=0x0) returned 1 [0252.423] malloc (_Size=0x8c) returned 0x1d1338 [0252.423] malloc (_Size=0xfc) returned 0x31d7af8 [0252.423] malloc (_Size=0x40) returned 0x1d14e8 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.423] malloc (_Size=0x40) returned 0x1d7470 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.423] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] malloc (_Size=0xc) returned 0x31e1e50 [0252.424] malloc (_Size=0xb0) returned 0x1d74b8 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.424] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] free (_Block=0x31e40b0) [0252.425] free (_Block=0x1d14e8) [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.425] GetCurrentThreadId () returned 0x1130 [0252.426] free (_Block=0x1d74b8) [0252.426] free (_Block=0x31e1e50) [0252.426] free (_Block=0x1d7470) [0252.426] WriteFile (in: hFile=0x2b4, lpBuffer=0x24c9808*, nNumberOfBytesToWrite=0x9b, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24c9808*, lpNumberOfBytesWritten=0x19fbbc*=0x9b, lpOverlapped=0x0) returned 1 [0252.427] free (_Block=0x31d7af8) [0252.427] free (_Block=0x1d1338) [0252.427] CloseHandle (hObject=0x2b4) returned 1 [0252.427] CloseHandle (hObject=0x404) returned 1 [0252.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.427] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.428] SetLastError (dwErrCode=0x0) [0252.428] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", lpFilePart=0x19f9f8*="main.js") returned 0x77 [0252.428] GetLastError () returned 0x0 [0252.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.428] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.428] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.428] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 1 [0252.429] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x182)) [0252.429] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.430] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.430] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.430] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.430] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.430] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.430] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.430] CloseHandle (hObject=0x404) returned 1 [0252.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.js]omgp:[N8|;MNB`>\"(WiMZz/17.X,J_>DQu]", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0252.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.js]omgp:[N8|;MNB`>\"(WiMZz/17.X,J_>DQu]", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0252.430] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[main.js]omgp:[N8|;MNB`>\"(WiMZz/17.X,J_>DQu]", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[main.js]omgp:[N8|;MNB`>\"(WiMZz/17.X,J_>DQu]", lpUsedDefaultChar=0x0) returned 49 [0252.480] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.480] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU=") returned 172 [0252.480] GetCurrentThreadId () returned 0x1130 [0252.481] GetCurrentThreadId () returned 0x1130 [0252.481] GetCurrentThreadId () returned 0x1130 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.481] SetLastError (dwErrCode=0x0) [0252.481] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320") returned 0xbb [0252.481] GetLastError () returned 0x0 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.481] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.481] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].wannacash ncov v310320")) returned 0x20 [0252.482] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [621].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.482] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.482] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.482] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x9b [0252.482] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.482] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.482] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.482] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.483] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3") returned 197 [0252.483] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.483] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3") returned 197 [0252.483] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x9b [0252.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.483] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:GBV/sSEeAvrlHiOGMwi7oDeZIgW81hYA/OO1fqMu0o0sEKivpjGepvRIXuNN2kZgYpBdVUyP4g/81ITDRzyL0Nb4oH9JK8CkL0B7PBUSSwFcvNXrnKmotXjKjUL6DH+3pJz3MQRVBaZFRlEVrdVfKGI44nNqIsSZhxMTIqwNIgU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.483] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.483] CloseHandle (hObject=0x404) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.483] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.483] SetLastError (dwErrCode=0x0) [0252.484] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", lpFilePart=0x19fa34*="main.js") returned 0x77 [0252.484] GetLastError () returned 0x0 [0252.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=8) returned 1 [0252.484] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", cchCount2=4) returned 1 [0252.484] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0")) returned 0x10 [0252.484] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 0 [0252.484] GetLastError () returned 0x2 [0252.484] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js")) returned 0xffffffff [0252.484] SetLastError (dwErrCode=0x2) [0252.484] GetLastError () returned 0x2 [0252.484] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.484] LocalFree (hMem=0x92fe20) returned 0x0 [0252.484] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.485] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.485] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 0x20 [0252.485] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34739139476) returned 1 [0252.485] GetCurrentThreadId () returned 0x1130 [0252.485] GetCurrentThreadId () returned 0x1130 [0252.485] GetCurrentThreadId () returned 0x1130 [0252.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0252.485] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0252.486] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@u]", lpUsedDefaultChar=0x0) returned 47 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.486] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.486] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] malloc (_Size=0x64) returned 0x1d1338 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] GetCurrentThreadId () returned 0x1130 [0252.487] free (_Block=0x1d1338) [0252.487] malloc (_Size=0x60) returned 0x1d1338 [0252.487] free (_Block=0x1d1338) [0252.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1a33 [0252.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1a33 [0252.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.488] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1a33, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1a33, lpOverlapped=0x0) returned 1 [0252.504] malloc (_Size=0x8c) returned 0x1d1338 [0252.504] malloc (_Size=0xfc) returned 0x31d70a8 [0252.504] malloc (_Size=0x40) returned 0x1d14e8 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.504] malloc (_Size=0x40) returned 0x1d7470 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.504] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] GetCurrentThreadId () returned 0x1130 [0252.505] malloc (_Size=0xc) returned 0x31e1dc0 [0252.505] malloc (_Size=0x720) returned 0x31d2860 [0252.505] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.505] free (_Block=0x31d2860) [0252.505] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.506] free (_Block=0x1d9aa8) [0252.506] malloc (_Size=0x23e4) returned 0x1dbea8 [0252.506] free (_Block=0x1da8f0) [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] GetCurrentThreadId () returned 0x1130 [0252.506] free (_Block=0x31e40b0) [0252.506] free (_Block=0x1d14e8) [0252.506] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] GetCurrentThreadId () returned 0x1130 [0252.507] free (_Block=0x1dbea8) [0252.508] free (_Block=0x31e1dc0) [0252.508] free (_Block=0x1d7470) [0252.508] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9e08*, nNumberOfBytesToWrite=0x23a5, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9e08*, lpNumberOfBytesWritten=0x19fbbc*=0x23a5, lpOverlapped=0x0) returned 1 [0252.510] free (_Block=0x31d70a8) [0252.510] free (_Block=0x1d1338) [0252.510] CloseHandle (hObject=0x2b4) returned 1 [0252.510] CloseHandle (hObject=0x404) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.510] SetLastError (dwErrCode=0x0) [0252.510] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", lpFilePart=0x19f9f8*="128.png") returned 0x78 [0252.510] GetLastError () returned 0x0 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.510] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.511] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.511] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.511] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0")) returned 0x10 [0252.511] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 1 [0252.512] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x1e0)) [0252.512] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.512] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.513] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.513] CloseHandle (hObject=0x404) returned 1 [0252.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0252.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0252.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@]", cchWideChar=68, lpMultiByteStr=0x2541be8, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[128.png]omgp:[2GnT+oE,3mR8PwCxDH,%W:eMKlO2B@]\x81\x1cT\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 68 [0252.522] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.522] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY=") returned 172 [0252.522] GetCurrentThreadId () returned 0x1130 [0252.522] GetCurrentThreadId () returned 0x1130 [0252.522] GetCurrentThreadId () returned 0x1130 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.522] SetLastError (dwErrCode=0x0) [0252.522] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320") returned 0xbc [0252.522] GetLastError () returned 0x0 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.522] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.522] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0")) returned 0x10 [0252.523] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].wannacash ncov v310320")) returned 0x20 [0252.523] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [622].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.523] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.523] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.523] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x23a5 [0252.523] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.523] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.523] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.523] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.523] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.524] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.524] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.524] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3") returned 197 [0252.524] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.524] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3") returned 197 [0252.524] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x23a5 [0252.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:e1vBX21SI5dHHKYzblULAwPzjOTHXdL3ZmXVmEDR1QTwknHQyEa96HJ2WTJ1mPhRPRMl4OdeM1Stqx6YZdn8aqQSK1DE064WbFcuemz7/+ooWvzrhV6wwJKT4jvdIIL4wAmmbWpAk45NhwveHh4qKG3vOIifiqkTqxSUC5IXfRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.524] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.524] CloseHandle (hObject=0x404) returned 1 [0252.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.552] SetLastError (dwErrCode=0x0) [0252.552] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", lpFilePart=0x19fa34*="128.png") returned 0x78 [0252.552] GetLastError () returned 0x0 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=8) returned 1 [0252.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", cchCount2=4) returned 1 [0252.552] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0")) returned 0x10 [0252.552] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 0 [0252.552] GetLastError () returned 0x2 [0252.553] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png")) returned 0xffffffff [0252.553] SetLastError (dwErrCode=0x2) [0252.553] GetLastError () returned 0x2 [0252.553] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.553] LocalFree (hMem=0x92fe20) returned 0x0 [0252.553] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.553] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.553] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 0x20 [0252.554] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34745976153) returned 1 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0252.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0252.554] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&", cchWideChar=35, lpMultiByteStr=0x250f7e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&", lpUsedDefaultChar=0x0) returned 35 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] GetCurrentThreadId () returned 0x1130 [0252.554] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.554] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] malloc (_Size=0x64) returned 0x1d1338 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.555] GetCurrentThreadId () returned 0x1130 [0252.556] GetCurrentThreadId () returned 0x1130 [0252.556] GetCurrentThreadId () returned 0x1130 [0252.556] GetCurrentThreadId () returned 0x1130 [0252.556] free (_Block=0x1d1338) [0252.556] malloc (_Size=0x60) returned 0x1d1338 [0252.556] free (_Block=0x1d1338) [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd4e [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd4e [0252.556] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.556] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xd4e, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xd4e, lpOverlapped=0x0) returned 1 [0252.571] malloc (_Size=0x8c) returned 0x1d1338 [0252.571] malloc (_Size=0xfc) returned 0x31d7af8 [0252.571] malloc (_Size=0x40) returned 0x1d14e8 [0252.571] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.572] malloc (_Size=0x40) returned 0x1d7470 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] GetCurrentThreadId () returned 0x1130 [0252.572] malloc (_Size=0xc) returned 0x31e1ca0 [0252.573] malloc (_Size=0x720) returned 0x31d2860 [0252.573] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.573] free (_Block=0x31d2860) [0252.573] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.573] free (_Block=0x1d9aa8) [0252.573] GetCurrentThreadId () returned 0x1130 [0252.573] GetCurrentThreadId () returned 0x1130 [0252.573] GetCurrentThreadId () returned 0x1130 [0252.573] GetCurrentThreadId () returned 0x1130 [0252.573] GetCurrentThreadId () returned 0x1130 [0252.573] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] free (_Block=0x31e40b0) [0252.574] free (_Block=0x1d14e8) [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.574] GetCurrentThreadId () returned 0x1130 [0252.575] GetCurrentThreadId () returned 0x1130 [0252.575] GetCurrentThreadId () returned 0x1130 [0252.575] GetCurrentThreadId () returned 0x1130 [0252.575] GetCurrentThreadId () returned 0x1130 [0252.575] GetCurrentThreadId () returned 0x1130 [0252.575] free (_Block=0x1da8f0) [0252.575] free (_Block=0x31e1ca0) [0252.575] free (_Block=0x1d7470) [0252.575] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b75d8*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b75d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1220, lpOverlapped=0x0) returned 1 [0252.576] free (_Block=0x31d7af8) [0252.577] free (_Block=0x1d1338) [0252.577] CloseHandle (hObject=0x2b4) returned 1 [0252.577] CloseHandle (hObject=0x404) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.577] SetLastError (dwErrCode=0x0) [0252.577] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", lpFilePart=0x19f9f8*="128.png") returned 0x79 [0252.577] GetLastError () returned 0x0 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0")) returned 0x10 [0252.578] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 1 [0252.579] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x21e)) [0252.579] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.579] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.579] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.579] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.579] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.580] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.580] CloseHandle (hObject=0x404) returned 1 [0252.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0252.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0252.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&]", cchWideChar=56, lpMultiByteStr=0x2516a88, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[128.png]omgp:[KuXlPA(@S\"B3zn:)f6~DQSfHVOsU=_kPVu&]", lpUsedDefaultChar=0x0) returned 56 [0252.588] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.589] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8=") returned 172 [0252.589] GetCurrentThreadId () returned 0x1130 [0252.589] GetCurrentThreadId () returned 0x1130 [0252.589] GetCurrentThreadId () returned 0x1130 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.589] SetLastError (dwErrCode=0x0) [0252.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320") returned 0xbd [0252.589] GetLastError () returned 0x0 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.589] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0")) returned 0x10 [0252.589] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].wannacash ncov v310320")) returned 0x20 [0252.590] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [623].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.590] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.590] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.590] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1220 [0252.590] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.590] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.590] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.590] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.590] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.590] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.591] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.591] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3") returned 197 [0252.591] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.591] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3") returned 197 [0252.591] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1220 [0252.591] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.591] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.591] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:EOyQZjHofgCtb1gWU58/HEQkZ6Vgr4GDr8Vw6XnDdLZsb3NENaJTYPFXK0c0ekg3kI3HfG1RP3Pw11JSkyztOUasCw5AsSCkHI0bqU/uqUzRObCS53RX+t69dEDxelp+SurfSvaPubcv9jVr7Jnx/EhM844g5PbE2n6Qu6x6Fk8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.591] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.591] CloseHandle (hObject=0x404) returned 1 [0252.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.592] SetLastError (dwErrCode=0x0) [0252.592] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", lpFilePart=0x19fa34*="128.png") returned 0x79 [0252.592] GetLastError () returned 0x0 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=8) returned 1 [0252.592] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", cchCount2=4) returned 1 [0252.592] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0")) returned 0x10 [0252.592] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 0 [0252.592] GetLastError () returned 0x2 [0252.592] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png")) returned 0xffffffff [0252.592] SetLastError (dwErrCode=0x2) [0252.592] GetLastError () returned 0x2 [0252.593] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.593] LocalFree (hMem=0x92fe20) returned 0x0 [0252.593] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.593] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.593] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png")) returned 0x20 [0252.593] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34749962043) returned 1 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y&%/Q+5$DR2wU7xg;d/I?M<)24+g", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0252.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y&%/Q+5$DR2wU7xg;d/I?M<)24+g", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0252.594] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Y&%/Q+5$DR2wU7xg;d/I?M<)24+g", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Y&%/Q+5$DR2wU7xg;d/I?M<)24+g", lpUsedDefaultChar=0x0) returned 40 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] GetCurrentThreadId () returned 0x1130 [0252.594] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.594] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] malloc (_Size=0x64) returned 0x1d1338 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.595] GetCurrentThreadId () returned 0x1130 [0252.596] free (_Block=0x1d1338) [0252.596] malloc (_Size=0x60) returned 0x1d1338 [0252.596] free (_Block=0x1d1338) [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1378 [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1378 [0252.596] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.596] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1378, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1378, lpOverlapped=0x0) returned 1 [0252.631] malloc (_Size=0x8c) returned 0x1d1338 [0252.631] malloc (_Size=0xfc) returned 0x31d72b8 [0252.632] malloc (_Size=0x40) returned 0x1d14e8 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.632] malloc (_Size=0x40) returned 0x1d7470 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.632] GetCurrentThreadId () returned 0x1130 [0252.633] GetCurrentThreadId () returned 0x1130 [0252.633] GetCurrentThreadId () returned 0x1130 [0252.633] GetCurrentThreadId () returned 0x1130 [0252.633] malloc (_Size=0xc) returned 0x31e1ef8 [0252.633] malloc (_Size=0x720) returned 0x31d2860 [0252.633] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.633] free (_Block=0x31d2860) [0252.633] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.633] free (_Block=0x1d9aa8) [0252.633] malloc (_Size=0x2338) returned 0x1dbea8 [0252.634] free (_Block=0x1da8f0) [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] GetCurrentThreadId () returned 0x1130 [0252.634] free (_Block=0x31e40b0) [0252.634] free (_Block=0x1d14e8) [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] GetCurrentThreadId () returned 0x1130 [0252.635] free (_Block=0x1dbea8) [0252.636] free (_Block=0x31e1ef8) [0252.636] free (_Block=0x1d7470) [0252.636] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9008*, nNumberOfBytesToWrite=0x1a81, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9008*, lpNumberOfBytesWritten=0x19fbbc*=0x1a81, lpOverlapped=0x0) returned 1 [0252.637] free (_Block=0x31d72b8) [0252.637] free (_Block=0x1d1338) [0252.637] CloseHandle (hObject=0x2b4) returned 1 [0252.637] CloseHandle (hObject=0x404) returned 1 [0252.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.638] SetLastError (dwErrCode=0x0) [0252.638] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", lpFilePart=0x19f9f8*="128.png") returned 0x77 [0252.638] GetLastError () returned 0x0 [0252.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.638] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.638] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png")) returned 1 [0252.639] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x25d)) [0252.640] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.640] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.640] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.640] CloseHandle (hObject=0x404) returned 1 [0252.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[Y&%/Q+5$DR2wU7xg;d/I?M<)24+g]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0252.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[Y&%/Q+5$DR2wU7xg;d/I?M<)24+g]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0252.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[Y&%/Q+5$DR2wU7xg;d/I?M<)24+g]", cchWideChar=61, lpMultiByteStr=0x2541be8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[128.png]omgp:[Y&%/Q+5$DR2wU7xg;d/I?M<)24+g]", lpUsedDefaultChar=0x0) returned 61 [0252.648] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.648] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE=") returned 172 [0252.649] GetCurrentThreadId () returned 0x1130 [0252.649] GetCurrentThreadId () returned 0x1130 [0252.649] GetCurrentThreadId () returned 0x1130 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.649] SetLastError (dwErrCode=0x0) [0252.649] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320") returned 0xbb [0252.649] GetLastError () returned 0x0 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.649] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.649] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.649] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].wannacash ncov v310320")) returned 0x20 [0252.650] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [624].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1a81 [0252.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.650] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.650] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3") returned 197 [0252.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3") returned 197 [0252.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1a81 [0252.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XHTTj/IDyYSgGN2sfrP2xZr3W/juv+t2d9LAKtyoYmKBaw3bu3yW4ZMEJ6GOlb5fTqL2u9WF964g6nH1ImX6b9GoPcwOi4X5Z4lxRLv8Cc4ZjaW8185iM1S8aWsgpDQrwLkcdyih780XErPV9EP110m3ErdjjVIJ+9endcaxfSE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.651] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.651] CloseHandle (hObject=0x404) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.652] SetLastError (dwErrCode=0x0) [0252.652] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", lpFilePart=0x19fa34*="128.png") returned 0x77 [0252.652] GetLastError () returned 0x0 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=8) returned 1 [0252.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", cchCount2=4) returned 1 [0252.652] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.652] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png")) returned 0 [0252.652] GetLastError () returned 0x2 [0252.652] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png")) returned 0xffffffff [0252.653] SetLastError (dwErrCode=0x2) [0252.653] GetLastError () returned 0x2 [0252.653] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.653] LocalFree (hMem=0x92fe20) returned 0x0 [0252.653] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.653] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.653] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js")) returned 0x20 [0252.654] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34756052355) returned 1 [0252.654] GetCurrentThreadId () returned 0x1130 [0252.655] GetCurrentThreadId () returned 0x1130 [0252.655] GetCurrentThreadId () returned 0x1130 [0252.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0252.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0252.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN", cchWideChar=44, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&Chd;Ce\\2\\;L,@|XDv8â\x84\x96p-qFLT5CFA&+%V8w&,Ht/ZNN", lpUsedDefaultChar=0x0) returned 46 [0252.655] GetCurrentThreadId () returned 0x1130 [0252.655] GetCurrentThreadId () returned 0x1130 [0252.655] GetCurrentThreadId () returned 0x1130 [0252.655] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.655] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] malloc (_Size=0x64) returned 0x1d1338 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.656] GetCurrentThreadId () returned 0x1130 [0252.657] GetCurrentThreadId () returned 0x1130 [0252.657] GetCurrentThreadId () returned 0x1130 [0252.657] GetCurrentThreadId () returned 0x1130 [0252.657] free (_Block=0x1d1338) [0252.657] malloc (_Size=0x60) returned 0x1d1338 [0252.657] free (_Block=0x1d1338) [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1103 [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1103 [0252.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.657] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0x1103, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0x1103, lpOverlapped=0x0) returned 1 [0252.672] malloc (_Size=0x8c) returned 0x1d1338 [0252.672] malloc (_Size=0xfc) returned 0x31d72b8 [0252.672] malloc (_Size=0x40) returned 0x1d14e8 [0252.672] GetCurrentThreadId () returned 0x1130 [0252.672] GetCurrentThreadId () returned 0x1130 [0252.672] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.673] malloc (_Size=0x40) returned 0x1d7470 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] GetCurrentThreadId () returned 0x1130 [0252.673] malloc (_Size=0xc) returned 0x31e1ca0 [0252.673] malloc (_Size=0x720) returned 0x31d2860 [0252.674] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.674] free (_Block=0x31d2860) [0252.674] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.674] free (_Block=0x1d9aa8) [0252.674] malloc (_Size=0x1ed0) returned 0x1dbea8 [0252.674] free (_Block=0x1da8f0) [0252.674] GetCurrentThreadId () returned 0x1130 [0252.674] GetCurrentThreadId () returned 0x1130 [0252.674] GetCurrentThreadId () returned 0x1130 [0252.674] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] free (_Block=0x31e40b0) [0252.675] free (_Block=0x1d14e8) [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.675] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] GetCurrentThreadId () returned 0x1130 [0252.676] free (_Block=0x1dbea8) [0252.676] free (_Block=0x31e1ca0) [0252.676] free (_Block=0x1d7470) [0252.676] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b78d8*, nNumberOfBytesToWrite=0x1734, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b78d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1734, lpOverlapped=0x0) returned 1 [0252.677] free (_Block=0x31d72b8) [0252.677] free (_Block=0x1d1338) [0252.677] CloseHandle (hObject=0x2b4) returned 1 [0252.677] CloseHandle (hObject=0x404) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.677] SetLastError (dwErrCode=0x0) [0252.677] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", lpFilePart=0x19f9f8*="contentscript_bin_prod.js") returned 0x89 [0252.677] GetLastError () returned 0x0 [0252.677] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.678] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.678] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js")) returned 1 [0252.679] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x27c)) [0252.679] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.679] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.680] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.680] CloseHandle (hObject=0x404) returned 1 [0252.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[contentscript_bin_prod.js]omgp:[&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0252.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[contentscript_bin_prod.js]omgp:[&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0252.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[contentscript_bin_prod.js]omgp:[&Chd;Ce\\2\\;L,@|XDv8№p-qFLT5CFA&+%V8w&,Ht/ZNN]", cchWideChar=83, lpMultiByteStr=0x251e148, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[contentscript_bin_prod.js]omgp:[&Chd;Ce\\2\\;L,@|XDv8?p-qFLT5CFA&+%V8w&,Ht/ZNN]", lpUsedDefaultChar=0x0) returned 83 [0252.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.777] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM=") returned 172 [0252.777] GetCurrentThreadId () returned 0x1130 [0252.777] GetCurrentThreadId () returned 0x1130 [0252.777] GetCurrentThreadId () returned 0x1130 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.777] SetLastError (dwErrCode=0x0) [0252.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320") returned 0xbb [0252.777] GetLastError () returned 0x0 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.778] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.778] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.778] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.778] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].wannacash ncov v310320")) returned 0x20 [0252.778] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [625].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1734 [0252.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.779] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.779] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.779] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3") returned 197 [0252.779] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.779] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3") returned 197 [0252.779] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1734 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.779] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:U6qeO0z7X6JduWqxbP8Rppnt3VdaX1C5b1vwMu2+hl2NcqnyjocNnbagcRSyjHDM7oIjmRCiJsvQDfm0VDVDWPkXP7MweNKv0FhQYiZ5mZx2+/U+EsVMyQXWWDgB/EN0B4/D5oU1wzL5QrqcaxbOdZgOCDtCS5gMmfi7WTHwXhM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.779] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.780] CloseHandle (hObject=0x404) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.780] SetLastError (dwErrCode=0x0) [0252.780] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", lpFilePart=0x19fa34*="contentscript_bin_prod.js") returned 0x89 [0252.780] GetLastError () returned 0x0 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=8) returned 1 [0252.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js", cchCount2=4) returned 1 [0252.780] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.780] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js")) returned 0 [0252.781] GetLastError () returned 0x2 [0252.781] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\contentscript_bin_prod.js")) returned 0xffffffff [0252.781] SetLastError (dwErrCode=0x2) [0252.781] GetLastError () returned 0x2 [0252.781] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.781] LocalFree (hMem=0x92fe20) returned 0x0 [0252.781] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.781] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.781] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js")) returned 0x20 [0252.782] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34768783411) returned 1 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0252.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0252.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP", lpUsedDefaultChar=0x0) returned 32 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] GetCurrentThreadId () returned 0x1130 [0252.782] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.782] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] malloc (_Size=0x64) returned 0x1d1338 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.783] GetCurrentThreadId () returned 0x1130 [0252.784] GetCurrentThreadId () returned 0x1130 [0252.784] GetCurrentThreadId () returned 0x1130 [0252.784] GetCurrentThreadId () returned 0x1130 [0252.784] free (_Block=0x1d1338) [0252.784] malloc (_Size=0x60) returned 0x1d1338 [0252.784] free (_Block=0x1d1338) [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5b6c [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5b6c [0252.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0252.784] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x5b6c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x5b6c, lpOverlapped=0x0) returned 1 [0252.800] malloc (_Size=0x8c) returned 0x1d1338 [0252.801] malloc (_Size=0xfc) returned 0x31d72b8 [0252.801] malloc (_Size=0x40) returned 0x1d14e8 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] malloc (_Size=0xa5c) returned 0x31e40b0 [0252.801] malloc (_Size=0x40) returned 0x1d7470 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.801] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] GetCurrentThreadId () returned 0x1130 [0252.802] malloc (_Size=0xc) returned 0x31e1ca0 [0252.802] malloc (_Size=0x720) returned 0x31d2860 [0252.802] malloc (_Size=0xe3c) returned 0x1d9aa8 [0252.802] free (_Block=0x31d2860) [0252.802] malloc (_Size=0x15ac) returned 0x1da8f0 [0252.803] free (_Block=0x1d9aa8) [0252.803] malloc (_Size=0x23e4) returned 0x1dbea8 [0252.803] free (_Block=0x1da8f0) [0252.803] malloc (_Size=0x3274) returned 0x3a60048 [0252.803] free (_Block=0x1dbea8) [0252.803] malloc (_Size=0x4820) returned 0x1d9aa8 [0252.803] free (_Block=0x3a60048) [0252.803] malloc (_Size=0x64e4) returned 0x3a60048 [0252.803] free (_Block=0x1d9aa8) [0252.803] malloc (_Size=0x8920) returned 0x3a66538 [0252.804] free (_Block=0x3a60048) [0252.804] GetCurrentThreadId () returned 0x1130 [0252.804] GetCurrentThreadId () returned 0x1130 [0252.804] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] free (_Block=0x31e40b0) [0252.805] free (_Block=0x1d14e8) [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.805] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] GetCurrentThreadId () returned 0x1130 [0252.806] free (_Block=0x3a66538) [0252.807] free (_Block=0x31e1ca0) [0252.807] free (_Block=0x1d7470) [0252.807] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c2008*, nNumberOfBytesToWrite=0x7be8, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c2008*, lpNumberOfBytesWritten=0x19fbbc*=0x7be8, lpOverlapped=0x0) returned 1 [0252.808] free (_Block=0x31d72b8) [0252.809] free (_Block=0x1d1338) [0252.809] CloseHandle (hObject=0x2b4) returned 1 [0252.809] CloseHandle (hObject=0x404) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.809] SetLastError (dwErrCode=0x0) [0252.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", lpFilePart=0x19f9f8*="eventpage_bin_prod.js") returned 0x85 [0252.809] GetLastError () returned 0x0 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.809] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.809] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.810] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js")) returned 1 [0252.811] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1c, wMilliseconds=0x308)) [0252.811] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0252.811] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0252.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0252.812] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0252.812] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0252.812] CloseHandle (hObject=0x404) returned 1 [0252.812] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventpage_bin_prod.js]omgp:[}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0252.812] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventpage_bin_prod.js]omgp:[}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0252.812] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventpage_bin_prod.js]omgp:[}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP]", cchWideChar=67, lpMultiByteStr=0x2541be8, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[eventpage_bin_prod.js]omgp:[}QFz;LC!2lBh~5&2kwE292P!>H~^EYKP]", lpUsedDefaultChar=0x0) returned 67 [0252.820] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0252.820] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ=") returned 172 [0252.820] GetCurrentThreadId () returned 0x1130 [0252.820] GetCurrentThreadId () returned 0x1130 [0252.820] GetCurrentThreadId () returned 0x1130 [0252.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.821] SetLastError (dwErrCode=0x0) [0252.821] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320") returned 0xbb [0252.821] GetLastError () returned 0x0 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0252.821] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0252.821] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.821] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].wannacash ncov v310320")) returned 0x20 [0252.821] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [626].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0252.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0252.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x7be8 [0252.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0252.851] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3") returned 197 [0252.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0252.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3") returned 197 [0252.851] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x7be8 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0252.851] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6KRt1CIch5Yz30jRdqsXkVFtw20ASrS/wFOaqpRpehq4FdwRpQaKAaXNkVAT0NMLaD7q9xdoQXn7ejkC74y7RGhJmwx3eZRuy1PTZwFYOXuw+1PLU3FYlNrzR0RP0HqKQZ2bMPlpT7ECQkbsl3eqPbWuUW+8NOwt0XNX9gzIdzQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0252.851] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0252.852] CloseHandle (hObject=0x404) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.852] SetLastError (dwErrCode=0x0) [0252.852] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", lpFilePart=0x19fa34*="eventpage_bin_prod.js") returned 0x85 [0252.852] GetLastError () returned 0x0 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=8) returned 1 [0252.852] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", cchCount2=4) returned 1 [0252.852] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1")) returned 0x10 [0252.852] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js")) returned 0 [0252.853] GetLastError () returned 0x2 [0252.853] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js")) returned 0xffffffff [0252.853] SetLastError (dwErrCode=0x2) [0252.853] GetLastError () returned 0x2 [0252.853] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0252.853] LocalFree (hMem=0x92fe20) returned 0x0 [0252.853] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0252.853] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0252.854] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js")) returned 0x20 [0252.854] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34775990916) returned 1 [0252.854] GetCurrentThreadId () returned 0x1130 [0252.854] GetCurrentThreadId () returned 0x1130 [0252.854] GetCurrentThreadId () returned 0x1130 [0252.854] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="_ImxAY<`{3{*", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0253.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E)6;vPU>NcEg{VNE({3{*", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0253.518] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="E)6;vPU>NcEg{VNE({3{*", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="E)6;vPU>NcEg{VNE({3{*", lpUsedDefaultChar=0x0) returned 32 [0253.518] GetCurrentThreadId () returned 0x1130 [0253.518] GetCurrentThreadId () returned 0x1130 [0253.518] GetCurrentThreadId () returned 0x1130 [0253.518] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.519] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.519] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] malloc (_Size=0x64) returned 0x1d1338 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] GetCurrentThreadId () returned 0x1130 [0253.520] free (_Block=0x1d1338) [0253.520] malloc (_Size=0x60) returned 0x1d1338 [0253.521] free (_Block=0x1d1338) [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x112dc [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x112dc [0253.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.521] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x112dc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x112dc, lpOverlapped=0x0) returned 1 [0253.582] malloc (_Size=0x8c) returned 0x1d1338 [0253.582] malloc (_Size=0xfc) returned 0x31d75d0 [0253.582] malloc (_Size=0x40) returned 0x1d14e8 [0253.582] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] malloc (_Size=0xa5c) returned 0x31e40b0 [0253.583] malloc (_Size=0x40) returned 0x1d7470 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] GetCurrentThreadId () returned 0x1130 [0253.583] malloc (_Size=0xc) returned 0x31e1d18 [0253.584] malloc (_Size=0x720) returned 0x31d2860 [0253.584] malloc (_Size=0xe3c) returned 0x1d9aa8 [0253.584] free (_Block=0x31d2860) [0253.584] malloc (_Size=0x15ac) returned 0x1da8f0 [0253.584] free (_Block=0x1d9aa8) [0253.584] malloc (_Size=0x23e4) returned 0x1dbea8 [0253.584] free (_Block=0x1da8f0) [0253.585] malloc (_Size=0x3274) returned 0x3a60048 [0253.585] free (_Block=0x1dbea8) [0253.585] malloc (_Size=0x4820) returned 0x1d9aa8 [0253.585] free (_Block=0x3a60048) [0253.585] malloc (_Size=0x64e4) returned 0x3a60048 [0253.585] free (_Block=0x1d9aa8) [0253.585] malloc (_Size=0x8920) returned 0x3a66538 [0253.586] free (_Block=0x3a60048) [0253.586] malloc (_Size=0xbb90) returned 0x3a6ee60 [0253.586] free (_Block=0x3a66538) [0253.588] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0253.589] free (_Block=0x3a6ee60) [0253.589] malloc (_Size=0x1533c) returned 0x3a60048 [0253.590] free (_Block=0x3a7a9f8) [0253.590] malloc (_Size=0x1c704) returned 0x3a75390 [0253.590] free (_Block=0x3a60048) [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.590] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] free (_Block=0x31e40b0) [0253.591] free (_Block=0x1d14e8) [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.591] GetCurrentThreadId () returned 0x1130 [0253.592] GetCurrentThreadId () returned 0x1130 [0253.592] GetCurrentThreadId () returned 0x1130 [0253.592] free (_Block=0x3a75390) [0253.592] free (_Block=0x31e1d18) [0253.592] free (_Block=0x1d7470) [0253.592] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d8e08*, nNumberOfBytesToWrite=0x17453, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d8e08*, lpNumberOfBytesWritten=0x19fbbc*=0x17453, lpOverlapped=0x0) returned 1 [0253.595] free (_Block=0x31d75d0) [0253.595] free (_Block=0x1d1338) [0253.595] CloseHandle (hObject=0x2b4) returned 1 [0253.596] CloseHandle (hObject=0x404) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.596] SetLastError (dwErrCode=0x0) [0253.596] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", lpFilePart=0x19f9f8*="flapper.gif") returned 0x86 [0253.596] GetLastError () returned 0x0 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.596] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.596] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif")) returned 1 [0253.597] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1d, wMilliseconds=0x22e)) [0253.597] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0253.598] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.598] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0253.598] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0253.598] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0253.598] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0253.598] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0253.598] CloseHandle (hObject=0x404) returned 1 [0253.598] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[flapper.gif]omgp:[E)6;vPU>NcEg{VNE({3{*]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0253.598] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[flapper.gif]omgp:[E)6;vPU>NcEg{VNE({3{*]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0253.598] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[flapper.gif]omgp:[E)6;vPU>NcEg{VNE({3{*]", cchWideChar=57, lpMultiByteStr=0x2516b60, cbMultiByte=57, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[flapper.gif]omgp:[E)6;vPU>NcEg{VNE({3{*]", lpUsedDefaultChar=0x0) returned 57 [0253.607] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0253.607] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14=") returned 172 [0253.607] GetCurrentThreadId () returned 0x1130 [0253.607] GetCurrentThreadId () returned 0x1130 [0253.607] GetCurrentThreadId () returned 0x1130 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.607] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.608] SetLastError (dwErrCode=0x0) [0253.608] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320") returned 0xc6 [0253.608] GetLastError () returned 0x0 [0253.608] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.608] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.608] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.608] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.608] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.608] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].wannacash ncov v310320")) returned 0x20 [0253.608] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [632].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.608] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0253.608] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0253.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17453 [0253.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0253.609] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0253.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3") returned 197 [0253.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0253.609] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3") returned 197 [0253.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17453 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.609] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SKc6CztBHALgSj61rzaVF+q66WuPiVg3AsiSy+yl+9uo9OQ5xl7dW1cwhZYqXfrrtLjr//k5dp37SRBk5iTrHDX0wUPj44n3vcmTSEL0e8+fMS2wIHlS07sBzxubUed2AK5DsNjTqywSbs52OExEeeSe7WBBl1DJiW6WNNX2r14= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.609] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0253.610] CloseHandle (hObject=0x404) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.610] SetLastError (dwErrCode=0x0) [0253.610] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", lpFilePart=0x19fa34*="flapper.gif") returned 0x86 [0253.610] GetLastError () returned 0x0 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=8) returned 1 [0253.610] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif", cchCount2=4) returned 1 [0253.610] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.610] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif")) returned 0 [0253.611] GetLastError () returned 0x2 [0253.611] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\flapper.gif")) returned 0xffffffff [0253.611] SetLastError (dwErrCode=0x2) [0253.611] GetLastError () returned 0x2 [0253.611] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0253.611] LocalFree (hMem=0x92fe20) returned 0x0 [0253.611] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0253.611] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0253.611] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_128.png")) returned 0x20 [0253.612] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34851843765) returned 1 [0253.612] GetCurrentThreadId () returned 0x1130 [0253.612] GetCurrentThreadId () returned 0x1130 [0253.612] GetCurrentThreadId () returned 0x1130 [0253.612] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S2j-di№,2y8y:&pP#g#`Lg6{Z<", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0253.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4O-~p8=aTa;$+k^\\AC6#V\"gi~E>№,2y8y:&pP#g#`Lg6{Z<", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0253.708] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4O-~p8=aTa;$+k^\\AC6#V\"gi~E>№,2y8y:&pP#g#`Lg6{Z<", cchWideChar=47, lpMultiByteStr=0x2533798, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4O-~p8=aTa;$+k^\\AC6#V\"gi~E>â\x84\x96,2y8y:&pP#g#`Lg6{Z<", lpUsedDefaultChar=0x0) returned 49 [0253.708] GetCurrentThreadId () returned 0x1130 [0253.708] GetCurrentThreadId () returned 0x1130 [0253.709] GetCurrentThreadId () returned 0x1130 [0253.709] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.709] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0253.709] GetCurrentThreadId () returned 0x1130 [0253.709] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] malloc (_Size=0x64) returned 0x1d1338 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] GetCurrentThreadId () returned 0x1130 [0253.710] free (_Block=0x1d1338) [0253.710] malloc (_Size=0x60) returned 0x1d1338 [0253.711] free (_Block=0x1d1338) [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x22c [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x22c [0253.711] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0253.711] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x22c, lpOverlapped=0x0) returned 1 [0253.762] malloc (_Size=0x8c) returned 0x1d1338 [0253.762] malloc (_Size=0xfc) returned 0x31d78e8 [0253.762] malloc (_Size=0x40) returned 0x1d14e8 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] GetCurrentThreadId () returned 0x1130 [0253.762] malloc (_Size=0xa5c) returned 0x31e40b0 [0253.763] malloc (_Size=0x40) returned 0x1d7470 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] malloc (_Size=0xc) returned 0x31e1e50 [0253.763] malloc (_Size=0x414) returned 0x31e4b18 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.763] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] free (_Block=0x31e40b0) [0253.764] free (_Block=0x1d14e8) [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.764] GetCurrentThreadId () returned 0x1130 [0253.765] free (_Block=0x31e4b18) [0253.765] free (_Block=0x31e1e50) [0253.765] free (_Block=0x1d7470) [0253.765] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bdaf8*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bdaf8*, lpNumberOfBytesWritten=0x19fbbc*=0x30c, lpOverlapped=0x0) returned 1 [0253.766] free (_Block=0x31d78e8) [0253.766] free (_Block=0x1d1338) [0253.766] CloseHandle (hObject=0x2b4) returned 1 [0253.766] CloseHandle (hObject=0x404) returned 1 [0253.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.767] SetLastError (dwErrCode=0x0) [0253.767] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", lpFilePart=0x19f9f8*="icon_16.png") returned 0x86 [0253.767] GetLastError () returned 0x0 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.767] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.767] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.767] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png")) returned 1 [0253.769] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1d, wMilliseconds=0x2da)) [0253.769] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0253.769] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.769] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0253.769] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0253.769] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0253.769] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0253.769] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0253.769] CloseHandle (hObject=0x404) returned 1 [0253.769] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[4O-~p8=aTa;$+k^\\AC6#V\"gi~E>№,2y8y:&pP#g#`Lg6{Z<]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0253.769] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[4O-~p8=aTa;$+k^\\AC6#V\"gi~E>№,2y8y:&pP#g#`Lg6{Z<]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0253.769] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[icon_16.png]omgp:[4O-~p8=aTa;$+k^\\AC6#V\"gi~E>№,2y8y:&pP#g#`Lg6{Z<]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[icon_16.png]omgp:[4O-~p8=aTa;$+k^\\AC6#V\"gi~E>?,2y8y:&pP#g#`Lg6{Z<]", lpUsedDefaultChar=0x0) returned 72 [0253.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0253.780] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI=") returned 172 [0253.780] GetCurrentThreadId () returned 0x1130 [0253.780] GetCurrentThreadId () returned 0x1130 [0253.780] GetCurrentThreadId () returned 0x1130 [0253.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.781] SetLastError (dwErrCode=0x0) [0253.781] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320") returned 0xc6 [0253.781] GetLastError () returned 0x0 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0253.781] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0253.781] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.781] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].wannacash ncov v310320")) returned 0x20 [0253.781] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\Файл зашифрован. Пиши. Почта clubnika@elude.in [634].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0253.782] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0253.782] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0253.782] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x30c [0253.782] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0253.782] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0253.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.782] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.782] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0253.782] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3") returned 197 [0253.782] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0253.782] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3") returned 197 [0253.782] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x30c [0253.782] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.783] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0253.783] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mOp/pEXnL2Z5CdMp0s5oT9QghemCkU73EkxW5IWKgzUSsBqn/uob1eASlF/T6RADsc+hcYU82J15bvZbLIanNN+0xVEIYsIdPGGJwp5ERCFx4PSuwXvYQHbO9pGCo1QZ3J4SKre8gajMmiK8NECidblSuzDr2PnxxOXtojd1jGI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0253.783] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0253.783] CloseHandle (hObject=0x404) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.783] SetLastError (dwErrCode=0x0) [0253.783] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", lpFilePart=0x19fa34*="icon_16.png") returned 0x86 [0253.783] GetLastError () returned 0x0 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=8) returned 1 [0253.783] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png", cchCount2=4) returned 1 [0253.784] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images")) returned 0x10 [0253.784] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png")) returned 0 [0253.784] GetLastError () returned 0x2 [0253.784] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\icon_16.png")) returned 0xffffffff [0253.784] SetLastError (dwErrCode=0x2) [0253.784] GetLastError () returned 0x2 [0253.784] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0253.784] LocalFree (hMem=0x92fe20) returned 0x0 [0253.784] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0253.784] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0253.785] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.3_0\\images\\topbar_floating_button.png")) returned 0x20 [0253.785] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34869142932) returned 1 [0253.785] GetCurrentThreadId () returned 0x1130 [0253.785] GetCurrentThreadId () returned 0x1130 [0253.785] GetCurrentThreadId () returned 0x1130 [0253.785] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="{ufVa>qp,vpG№:&w=m.jJY&l*FOj", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0254.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4Hpze+pBkAnZd\"rb>№:&w=m.jJY&l*FOj", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0254.138] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4Hpze+pBkAnZd\"rb>№:&w=m.jJY&l*FOj", cchWideChar=33, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4Hpze+pBkAnZd\"rb>â\x84\x96:&w=m.jJY&l*FOj", lpUsedDefaultChar=0x0) returned 35 [0254.138] GetCurrentThreadId () returned 0x1130 [0254.138] GetCurrentThreadId () returned 0x1130 [0254.138] GetCurrentThreadId () returned 0x1130 [0254.138] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.139] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.139] GetCurrentThreadId () returned 0x1130 [0254.140] malloc (_Size=0x64) returned 0x1d1338 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] GetCurrentThreadId () returned 0x1130 [0254.140] free (_Block=0x1d1338) [0254.140] malloc (_Size=0x60) returned 0x1d1338 [0254.140] free (_Block=0x1d1338) [0254.140] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.140] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x180f [0254.140] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.140] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.140] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x180f [0254.141] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.141] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x180f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x180f, lpOverlapped=0x0) returned 1 [0254.186] malloc (_Size=0x8c) returned 0x1d1338 [0254.186] malloc (_Size=0xfc) returned 0x31d75d0 [0254.186] malloc (_Size=0x40) returned 0x1d14e8 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] malloc (_Size=0xa5c) returned 0x31e40b0 [0254.186] malloc (_Size=0x40) returned 0x1d7470 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.186] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] GetCurrentThreadId () returned 0x1130 [0254.187] malloc (_Size=0xc) returned 0x31e1e20 [0254.187] malloc (_Size=0x720) returned 0x31d2860 [0254.187] malloc (_Size=0xe3c) returned 0x1d9aa8 [0254.188] free (_Block=0x31d2860) [0254.188] malloc (_Size=0x15ac) returned 0x1da8f0 [0254.188] free (_Block=0x1d9aa8) [0254.188] malloc (_Size=0x23e4) returned 0x1dbea8 [0254.188] free (_Block=0x1da8f0) [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.188] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] free (_Block=0x31e40b0) [0254.189] free (_Block=0x1d14e8) [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] GetCurrentThreadId () returned 0x1130 [0254.189] free (_Block=0x1dbea8) [0254.190] free (_Block=0x31e1e20) [0254.190] free (_Block=0x1d7470) [0254.190] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9908*, nNumberOfBytesToWrite=0x20ad, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9908*, lpNumberOfBytesWritten=0x19fbbc*=0x20ad, lpOverlapped=0x0) returned 1 [0254.191] free (_Block=0x31d75d0) [0254.191] free (_Block=0x1d1338) [0254.191] CloseHandle (hObject=0x2b4) returned 1 [0254.191] CloseHandle (hObject=0x404) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.192] SetLastError (dwErrCode=0x0) [0254.192] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", lpFilePart=0x19f9f8*="128.png") returned 0x77 [0254.192] GetLastError () returned 0x0 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.192] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.192] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0")) returned 0x10 [0254.192] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 1 [0254.194] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1e, wMilliseconds=0x97)) [0254.194] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0254.194] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.194] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0254.194] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.194] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0254.194] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.194] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0254.194] CloseHandle (hObject=0x404) returned 1 [0254.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[4Hpze+pBkAnZd\"rb>№:&w=m.jJY&l*FOj]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[4Hpze+pBkAnZd\"rb>№:&w=m.jJY&l*FOj]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.194] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[128.png]omgp:[4Hpze+pBkAnZd\"rb>№:&w=m.jJY&l*FOj]", cchWideChar=54, lpMultiByteStr=0x2516a88, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[128.png]omgp:[4Hpze+pBkAnZd\"rb>?:&w=m.jJY&l*FOj]", lpUsedDefaultChar=0x0) returned 54 [0254.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0254.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM=") returned 172 [0254.203] GetCurrentThreadId () returned 0x1130 [0254.203] GetCurrentThreadId () returned 0x1130 [0254.203] GetCurrentThreadId () returned 0x1130 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.203] SetLastError (dwErrCode=0x0) [0254.204] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320") returned 0xbb [0254.204] GetLastError () returned 0x0 [0254.204] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.204] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.204] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.204] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.204] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0")) returned 0x10 [0254.204] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].wannacash ncov v310320")) returned 0x20 [0254.204] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [640].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0254.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x20ad [0254.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.205] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3") returned 197 [0254.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3") returned 197 [0254.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x20ad [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:E3RIRkd+g6HlFwbjz3kCJ87mX13mk0CZolGhLHRKvpdAQoXu6U9Vo2HkTve3kjtU6ibYXMLJTBlHtMPHsrhh2cf7ugppMlG5RYhsuVLBeX9Rm1xgQ/KgKy9AHxvqiJKISJj1ApWJO7uMy0RqX7exZvFD/pP4/QsEPNgksT4gRGM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.205] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0254.205] CloseHandle (hObject=0x404) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.206] SetLastError (dwErrCode=0x0) [0254.206] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", lpFilePart=0x19fa34*="128.png") returned 0x77 [0254.206] GetLastError () returned 0x0 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=8) returned 1 [0254.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", cchCount2=4) returned 1 [0254.206] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0")) returned 0x10 [0254.206] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 0 [0254.206] GetLastError () returned 0x2 [0254.206] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png")) returned 0xffffffff [0254.206] SetLastError (dwErrCode=0x2) [0254.206] GetLastError () returned 0x2 [0254.207] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0254.207] LocalFree (hMem=0x92fe20) returned 0x0 [0254.207] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0254.207] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0254.207] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js")) returned 0x20 [0254.207] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34911362735) returned 1 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0254.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0254.208] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|", lpUsedDefaultChar=0x0) returned 30 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] GetCurrentThreadId () returned 0x1130 [0254.208] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.208] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] malloc (_Size=0x64) returned 0x1d1338 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] GetCurrentThreadId () returned 0x1130 [0254.209] free (_Block=0x1d1338) [0254.209] malloc (_Size=0x60) returned 0x1d1338 [0254.210] free (_Block=0x1d1338) [0254.210] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.210] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8edf5 [0254.210] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.210] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe20000 [0254.220] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.220] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8edf5 [0254.220] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.220] ReadFile (in: hFile=0x404, lpBuffer=0x7fe20018, nNumberOfBytesToRead=0x8edf5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe20018*, lpNumberOfBytesRead=0x19fbc8*=0x8edf5, lpOverlapped=0x0) returned 1 [0254.277] malloc (_Size=0x8c) returned 0x1d1338 [0254.277] malloc (_Size=0xfc) returned 0x31d77e0 [0254.277] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd90000 [0254.285] malloc (_Size=0x40) returned 0x1d14e8 [0254.285] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] malloc (_Size=0xa5c) returned 0x31e40b0 [0254.286] malloc (_Size=0x40) returned 0x1d7470 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] GetCurrentThreadId () returned 0x1130 [0254.286] malloc (_Size=0xc) returned 0x31e1d18 [0254.286] malloc (_Size=0x720) returned 0x31d2860 [0254.286] malloc (_Size=0xe3c) returned 0x1d9aa8 [0254.287] free (_Block=0x31d2860) [0254.287] malloc (_Size=0x15ac) returned 0x1da8f0 [0254.287] free (_Block=0x1d9aa8) [0254.287] malloc (_Size=0x23e4) returned 0x1dbea8 [0254.287] free (_Block=0x1da8f0) [0254.287] malloc (_Size=0x3274) returned 0x3a60048 [0254.287] free (_Block=0x1dbea8) [0254.287] malloc (_Size=0x4820) returned 0x1d9aa8 [0254.287] free (_Block=0x3a60048) [0254.287] malloc (_Size=0x64e4) returned 0x3a60048 [0254.288] free (_Block=0x1d9aa8) [0254.288] malloc (_Size=0x8920) returned 0x3a66538 [0254.288] free (_Block=0x3a60048) [0254.288] malloc (_Size=0xbb90) returned 0x3a6ee60 [0254.288] free (_Block=0x3a66538) [0254.288] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0254.289] free (_Block=0x3a6ee60) [0254.289] malloc (_Size=0x1533c) returned 0x3a60048 [0254.289] free (_Block=0x3a7a9f8) [0254.289] malloc (_Size=0x1c704) returned 0x3a75390 [0254.289] free (_Block=0x3a60048) [0254.289] malloc (_Size=0x265c8) returned 0x3a91aa0 [0254.289] free (_Block=0x3a75390) [0254.289] malloc (_Size=0x33758) returned 0x31e4b18 [0254.292] free (_Block=0x3a91aa0) [0254.292] malloc (_Size=0x45104) returned 0x3a60048 [0254.292] free (_Block=0x31e4b18) [0254.293] malloc (_Size=0x5c874) returned 0x31e4b18 [0254.295] free (_Block=0x3a60048) [0254.296] malloc (_Size=0x7bac8) returned 0x3a60048 [0254.296] free (_Block=0x31e4b18) [0254.299] malloc (_Size=0xa5358) returned 0xa0f020 [0254.303] free (_Block=0x3a60048) [0254.304] malloc (_Size=0xdcbac) returned 0x2d1a020 [0254.362] free (_Block=0xa0f020) [0254.367] VirtualAlloc (lpAddress=0x0, dwSize=0xd0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fcc0000 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] free (_Block=0x31e40b0) [0254.382] free (_Block=0x1d14e8) [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.382] GetCurrentThreadId () returned 0x1130 [0254.383] GetCurrentThreadId () returned 0x1130 [0254.383] GetCurrentThreadId () returned 0x1130 [0254.383] GetCurrentThreadId () returned 0x1130 [0254.383] GetCurrentThreadId () returned 0x1130 [0254.383] GetCurrentThreadId () returned 0x1130 [0254.384] free (_Block=0x2d1a020) [0254.389] free (_Block=0x31e1d18) [0254.389] free (_Block=0x1d7470) [0254.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fcc0018*, nNumberOfBytesToWrite=0xc17b9, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fcc0018*, lpNumberOfBytesWritten=0x19fbbc*=0xc17b9, lpOverlapped=0x0) returned 1 [0254.453] free (_Block=0x31d77e0) [0254.453] free (_Block=0x1d1338) [0254.453] VirtualFree (lpAddress=0x7fcc0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.457] VirtualFree (lpAddress=0x7fd90000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.460] VirtualFree (lpAddress=0x7fe20000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0254.460] CloseHandle (hObject=0x2b4) returned 1 [0254.460] CloseHandle (hObject=0x404) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.460] SetLastError (dwErrCode=0x0) [0254.461] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", lpFilePart=0x19f9f8*="angular.js") returned 0x83 [0254.461] GetLastError () returned 0x0 [0254.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.461] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.461] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.461] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js")) returned 1 [0254.467] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1e, wMilliseconds=0x1b1)) [0254.467] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0254.467] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0254.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0254.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.468] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0254.468] CloseHandle (hObject=0x404) returned 1 [0254.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[angular.js]omgp:[L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[angular.js]omgp:[L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[angular.js]omgp:[L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|]", cchWideChar=54, lpMultiByteStr=0x2516ad0, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[angular.js]omgp:[L(,**!@Np.@6t$\"zo?h6/\\)qB&*KE|]", lpUsedDefaultChar=0x0) returned 54 [0254.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0254.474] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA=") returned 172 [0254.474] GetCurrentThreadId () returned 0x1130 [0254.474] GetCurrentThreadId () returned 0x1130 [0254.474] GetCurrentThreadId () returned 0x1130 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.474] SetLastError (dwErrCode=0x0) [0254.474] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320") returned 0xc4 [0254.474] GetLastError () returned 0x0 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.474] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.475] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.475] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.475] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.475] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].wannacash ncov v310320")) returned 0x20 [0254.475] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [641].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0254.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc17b9 [0254.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.475] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0254.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.475] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.476] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.476] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.476] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3") returned 197 [0254.476] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.476] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3") returned 197 [0254.476] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc17b9 [0254.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:KRoPS6icOuCjG9Y9JlS5pYZRt4OwT1egNdbxQz6vxtrTQBxqPtBQQmW9awjB2qMjmuaHr98t4YALh4kFFxQjxnLyh2c0iJjkIGKXB3dhGTBd9W1E5YuF3A8XOEYmleoTTyiyt7jb3KdKSUHB9vptnNlghWShC+s+kUU2lsWsiUA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.476] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0254.476] CloseHandle (hObject=0x404) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.476] SetLastError (dwErrCode=0x0) [0254.476] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", lpFilePart=0x19fa34*="angular.js") returned 0x83 [0254.476] GetLastError () returned 0x0 [0254.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=8) returned 1 [0254.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js", cchCount2=4) returned 1 [0254.477] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.477] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js")) returned 0 [0254.477] GetLastError () returned 0x2 [0254.477] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\angular.js")) returned 0xffffffff [0254.477] SetLastError (dwErrCode=0x2) [0254.477] GetLastError () returned 0x2 [0254.477] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0254.477] LocalFree (hMem=0x92fe20) returned 0x0 [0254.477] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0254.478] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0254.478] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js")) returned 0x20 [0254.478] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34938450862) returned 1 [0254.478] GetCurrentThreadId () returned 0x1130 [0254.478] GetCurrentThreadId () returned 0x1130 [0254.478] GetCurrentThreadId () returned 0x1130 [0254.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0254.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0254.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy", cchWideChar=43, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy", lpUsedDefaultChar=0x0) returned 43 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.479] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.479] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] malloc (_Size=0x64) returned 0x1d1338 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] GetCurrentThreadId () returned 0x1130 [0254.480] free (_Block=0x1d1338) [0254.480] malloc (_Size=0x60) returned 0x1d1338 [0254.480] free (_Block=0x1d1338) [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x665 [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x665 [0254.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.480] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x665, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x665, lpOverlapped=0x0) returned 1 [0254.527] malloc (_Size=0x8c) returned 0x1d1338 [0254.527] malloc (_Size=0xfc) returned 0x31d71b0 [0254.527] malloc (_Size=0x40) returned 0x1d14e8 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.527] GetCurrentThreadId () returned 0x1130 [0254.528] malloc (_Size=0xa5c) returned 0x31e40b0 [0254.528] malloc (_Size=0x40) returned 0x1d7470 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] GetCurrentThreadId () returned 0x1130 [0254.528] malloc (_Size=0xc) returned 0x31e1dc0 [0254.528] malloc (_Size=0x720) returned 0x31d2860 [0254.528] malloc (_Size=0xb84) returned 0x1d9aa8 [0254.529] free (_Block=0x31d2860) [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] GetCurrentThreadId () returned 0x1130 [0254.529] free (_Block=0x31e40b0) [0254.530] free (_Block=0x1d14e8) [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] GetCurrentThreadId () returned 0x1130 [0254.530] free (_Block=0x1d9aa8) [0254.531] free (_Block=0x31e1dc0) [0254.531] free (_Block=0x1d7470) [0254.531] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c66f8*, nNumberOfBytesToWrite=0x8cf, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c66f8*, lpNumberOfBytesWritten=0x19fbbc*=0x8cf, lpOverlapped=0x0) returned 1 [0254.532] free (_Block=0x31d71b0) [0254.532] free (_Block=0x1d1338) [0254.532] CloseHandle (hObject=0x2b4) returned 1 [0254.533] CloseHandle (hObject=0x404) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.533] SetLastError (dwErrCode=0x0) [0254.533] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", lpFilePart=0x19f9f8*="background_script.js") returned 0x8d [0254.533] GetLastError () returned 0x0 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.533] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.533] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.534] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js")) returned 1 [0254.535] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1e, wMilliseconds=0x1ef)) [0254.535] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0254.535] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.535] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0254.535] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.535] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0254.536] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.536] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0254.536] CloseHandle (hObject=0x404) returned 1 [0254.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[background_script.js]omgp:[cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0254.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[background_script.js]omgp:[cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0254.536] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[background_script.js]omgp:[cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy]", cchWideChar=77, lpMultiByteStr=0x251e0e8, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[background_script.js]omgp:[cSr+haz+8euW%l,C-xFf~L^\"us\"W.j`V^dzSq$bFpGy]", lpUsedDefaultChar=0x0) returned 77 [0254.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0254.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A=") returned 172 [0254.546] GetCurrentThreadId () returned 0x1130 [0254.546] GetCurrentThreadId () returned 0x1130 [0254.546] GetCurrentThreadId () returned 0x1130 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.546] SetLastError (dwErrCode=0x0) [0254.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320") returned 0xc4 [0254.546] GetLastError () returned 0x0 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.546] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.547] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].wannacash ncov v310320")) returned 0x20 [0254.547] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [642].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0254.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x8cf [0254.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.547] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0254.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.547] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3") returned 197 [0254.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3") returned 197 [0254.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x8cf [0254.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QTle4rsplLtjAegzR6Tgs0kZ1CLG4ax3CNPY39st4GOWkRsUFgBe/qxAUMoQzjiO12pXC7ANom88BwciNzlYrUk3k6VOgUlmRNfaffGOnM85QBK5aa9o68vL9KFIWM5oGtA9zdy4hQSi3RRm3SKlXemi7goJf77GA0B5xWhu/0A= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.548] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0254.548] CloseHandle (hObject=0x404) returned 1 [0254.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.549] SetLastError (dwErrCode=0x0) [0254.549] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", lpFilePart=0x19fa34*="background_script.js") returned 0x8d [0254.549] GetLastError () returned 0x0 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=8) returned 1 [0254.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js", cchCount2=4) returned 1 [0254.549] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.549] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js")) returned 0 [0254.549] GetLastError () returned 0x2 [0254.549] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\background_script.js")) returned 0xffffffff [0254.549] SetLastError (dwErrCode=0x2) [0254.549] GetLastError () returned 0x2 [0254.549] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0254.549] LocalFree (hMem=0x92fe20) returned 0x0 [0254.549] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0254.550] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0254.550] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js")) returned 0x20 [0254.551] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34945711077) returned 1 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0254.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0254.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O", lpUsedDefaultChar=0x0) returned 29 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] GetCurrentThreadId () returned 0x1130 [0254.551] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.552] GetCurrentThreadId () returned 0x1130 [0254.553] malloc (_Size=0x64) returned 0x1d1338 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] GetCurrentThreadId () returned 0x1130 [0254.553] free (_Block=0x1d1338) [0254.553] malloc (_Size=0x60) returned 0x1d1338 [0254.553] free (_Block=0x1d1338) [0254.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x28d7c [0254.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x28d7c [0254.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.554] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x28d7c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x28d7c, lpOverlapped=0x0) returned 1 [0254.557] malloc (_Size=0x8c) returned 0x1d1338 [0254.557] malloc (_Size=0xfc) returned 0x31d72b8 [0254.557] malloc (_Size=0x40) returned 0x1d14e8 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.557] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] malloc (_Size=0xa5c) returned 0x31e40b0 [0254.558] malloc (_Size=0x40) returned 0x1d7470 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] GetCurrentThreadId () returned 0x1130 [0254.558] malloc (_Size=0xc) returned 0x31e1ee0 [0254.558] malloc (_Size=0x720) returned 0x31d2860 [0254.558] malloc (_Size=0xe3c) returned 0x1d9aa8 [0254.559] free (_Block=0x31d2860) [0254.559] malloc (_Size=0x15ac) returned 0x1da8f0 [0254.559] free (_Block=0x1d9aa8) [0254.559] malloc (_Size=0x23e4) returned 0x1dbea8 [0254.559] free (_Block=0x1da8f0) [0254.559] malloc (_Size=0x3274) returned 0x3a60048 [0254.560] free (_Block=0x1dbea8) [0254.560] malloc (_Size=0x4820) returned 0x1d9aa8 [0254.560] free (_Block=0x3a60048) [0254.560] malloc (_Size=0x64e4) returned 0x3a60048 [0254.560] free (_Block=0x1d9aa8) [0254.560] malloc (_Size=0x8920) returned 0x3a66538 [0254.561] free (_Block=0x3a60048) [0254.562] malloc (_Size=0xbb90) returned 0x3a6ee60 [0254.562] free (_Block=0x3a66538) [0254.563] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0254.563] free (_Block=0x3a6ee60) [0254.564] malloc (_Size=0x1533c) returned 0x3a60048 [0254.564] free (_Block=0x3a7a9f8) [0254.564] malloc (_Size=0x1c704) returned 0x3a75390 [0254.564] free (_Block=0x3a60048) [0254.564] malloc (_Size=0x265c8) returned 0x3a91aa0 [0254.566] free (_Block=0x3a75390) [0254.566] malloc (_Size=0x33758) returned 0x31e4b18 [0254.569] free (_Block=0x3a91aa0) [0254.570] malloc (_Size=0x45104) returned 0x3a60048 [0254.708] free (_Block=0x31e4b18) [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.708] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] free (_Block=0x31e40b0) [0254.709] free (_Block=0x1d14e8) [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.709] GetCurrentThreadId () returned 0x1130 [0254.710] GetCurrentThreadId () returned 0x1130 [0254.710] free (_Block=0x3a60048) [0254.710] free (_Block=0x31e1ee0) [0254.710] free (_Block=0x1d7470) [0254.710] WriteFile (in: hFile=0x2b4, lpBuffer=0x3a08408*, nNumberOfBytesToWrite=0x3750a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a08408*, lpNumberOfBytesWritten=0x19fbbc*=0x3750a, lpOverlapped=0x0) returned 1 [0254.713] free (_Block=0x31d72b8) [0254.713] free (_Block=0x1d1338) [0254.714] CloseHandle (hObject=0x2b4) returned 1 [0254.714] CloseHandle (hObject=0x404) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.714] SetLastError (dwErrCode=0x0) [0254.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", lpFilePart=0x19f9f8*="cast_game_sender.js") returned 0x8c [0254.714] GetLastError () returned 0x0 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.714] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.715] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js")) returned 1 [0254.718] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1e, wMilliseconds=0x2ab)) [0254.718] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0254.718] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0254.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0254.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.718] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0254.720] CloseHandle (hObject=0x404) returned 1 [0254.720] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_game_sender.js]omgp:[gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0254.720] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_game_sender.js]omgp:[gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0254.720] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_game_sender.js]omgp:[gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O]", cchWideChar=62, lpMultiByteStr=0x2541be8, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[cast_game_sender.js]omgp:[gGmH@~Rc&cUTl8Z?F$(RAx.pMD7/O]", lpUsedDefaultChar=0x0) returned 62 [0254.730] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0254.730] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA=") returned 172 [0254.730] GetCurrentThreadId () returned 0x1130 [0254.730] GetCurrentThreadId () returned 0x1130 [0254.730] GetCurrentThreadId () returned 0x1130 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.730] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.730] SetLastError (dwErrCode=0x0) [0254.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320") returned 0xc4 [0254.731] GetLastError () returned 0x0 [0254.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.731] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.731] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.731] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].wannacash ncov v310320")) returned 0x20 [0254.731] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [643].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0254.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x3750a [0254.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.732] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0254.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.732] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.732] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.732] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3") returned 197 [0254.732] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.732] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3") returned 197 [0254.733] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x3750a [0254.733] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.733] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.733] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zSjjoWA/k7OgWFNNgByE8l6ulY2Xh1z8nKA2EFKivW6j2PB6tDSHcXBu7DGbqBpuGWVt9JQ4SKARFljx95rzQLOdZkL9YRycBjAqWd4w9usllPcgMGKr8meutNrW1h1WE5hctr+Dycq5dTioUtekXz/tRQHrqxS7iRS/+1ccMxA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.733] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0254.733] CloseHandle (hObject=0x404) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.733] SetLastError (dwErrCode=0x0) [0254.733] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", lpFilePart=0x19fa34*="cast_game_sender.js") returned 0x8c [0254.734] GetLastError () returned 0x0 [0254.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=8) returned 1 [0254.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js", cchCount2=4) returned 1 [0254.734] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.734] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js")) returned 0 [0254.734] GetLastError () returned 0x2 [0254.734] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_game_sender.js")) returned 0xffffffff [0254.734] SetLastError (dwErrCode=0x2) [0254.734] GetLastError () returned 0x2 [0254.734] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0254.734] LocalFree (hMem=0x92fe20) returned 0x0 [0254.734] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0254.735] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0254.735] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html")) returned 0x20 [0254.735] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34964132098) returned 1 [0254.735] GetCurrentThreadId () returned 0x1130 [0254.735] GetCurrentThreadId () returned 0x1130 [0254.735] GetCurrentThreadId () returned 0x1130 [0254.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0254.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1", cchWideChar=48, lpMultiByteStr=0x2516968, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*Râ\x84\x96Yâ\x84\x967â\x84\x96z{%1", lpUsedDefaultChar=0x0) returned 54 [0254.736] GetCurrentThreadId () returned 0x1130 [0254.736] GetCurrentThreadId () returned 0x1130 [0254.736] GetCurrentThreadId () returned 0x1130 [0254.736] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.736] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] GetCurrentThreadId () returned 0x1130 [0254.737] malloc (_Size=0x64) returned 0x1d1338 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] GetCurrentThreadId () returned 0x1130 [0254.738] free (_Block=0x1d1338) [0254.738] malloc (_Size=0x60) returned 0x1d1338 [0254.738] free (_Block=0x1d1338) [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x119b1 [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x119b1 [0254.738] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0254.739] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x119b1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x119b1, lpOverlapped=0x0) returned 1 [0254.807] malloc (_Size=0x8c) returned 0x1d1338 [0254.807] malloc (_Size=0xfc) returned 0x31d7c00 [0254.808] malloc (_Size=0x40) returned 0x1d14e8 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] GetCurrentThreadId () returned 0x1130 [0254.808] malloc (_Size=0xa5c) returned 0x1d9aa8 [0254.809] malloc (_Size=0x40) returned 0x1d7470 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.809] GetCurrentThreadId () returned 0x1130 [0254.810] malloc (_Size=0xc) returned 0x31e1d18 [0254.810] malloc (_Size=0x720) returned 0x31d2860 [0254.810] malloc (_Size=0xe3c) returned 0x1da510 [0254.810] free (_Block=0x31d2860) [0254.810] malloc (_Size=0x15ac) returned 0x1db358 [0254.810] free (_Block=0x1da510) [0254.810] malloc (_Size=0x23e4) returned 0x1dc910 [0254.810] free (_Block=0x1db358) [0254.810] malloc (_Size=0x3274) returned 0x31e40b0 [0254.810] free (_Block=0x1dc910) [0254.812] malloc (_Size=0x4820) returned 0x1da510 [0254.812] free (_Block=0x31e40b0) [0254.813] malloc (_Size=0x64e4) returned 0x31e40b0 [0254.813] free (_Block=0x1da510) [0254.814] malloc (_Size=0x8920) returned 0x31ea5a0 [0254.814] free (_Block=0x31e40b0) [0254.814] malloc (_Size=0xbb90) returned 0x31f2ec8 [0254.815] free (_Block=0x31ea5a0) [0254.815] malloc (_Size=0xfc90) returned 0x31fea60 [0254.815] free (_Block=0x31f2ec8) [0254.815] malloc (_Size=0x1533c) returned 0x31e40b0 [0254.815] free (_Block=0x31fea60) [0254.815] malloc (_Size=0x1c704) returned 0x31f93f8 [0254.815] free (_Block=0x31e40b0) [0254.815] GetCurrentThreadId () returned 0x1130 [0254.815] GetCurrentThreadId () returned 0x1130 [0254.815] GetCurrentThreadId () returned 0x1130 [0254.815] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] free (_Block=0x1d9aa8) [0254.816] free (_Block=0x1d14e8) [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.816] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] GetCurrentThreadId () returned 0x1130 [0254.817] free (_Block=0x31f93f8) [0254.817] free (_Block=0x31e1d18) [0254.817] free (_Block=0x1d7470) [0254.817] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d9c08*, nNumberOfBytesToWrite=0x17d9f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d9c08*, lpNumberOfBytesWritten=0x19fbbc*=0x17d9f, lpOverlapped=0x0) returned 1 [0254.819] free (_Block=0x31d7c00) [0254.819] free (_Block=0x1d1338) [0254.819] CloseHandle (hObject=0x2b4) returned 1 [0254.820] CloseHandle (hObject=0x404) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.820] SetLastError (dwErrCode=0x0) [0254.820] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", lpFilePart=0x19f9f8*="cast_route_details.html") returned 0x90 [0254.820] GetLastError () returned 0x0 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.820] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.820] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.820] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html")) returned 1 [0254.823] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x1e, wMilliseconds=0x318)) [0254.823] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0254.823] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.824] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0254.824] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.824] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0254.824] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0254.824] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0254.824] CloseHandle (hObject=0x404) returned 1 [0254.824] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_route_details.html]omgp:[W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0254.824] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_route_details.html]omgp:[W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0254.824] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cast_route_details.html]omgp:[W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R№Y№7№z{%1]", cchWideChar=85, lpMultiByteStr=0x253b0b0, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[cast_route_details.html]omgp:[W9(uCfsLs?i-/w^5Ps#P@|%Flz\\^A!8ey+vUQ*R?Y?7?z{%1]", lpUsedDefaultChar=0x0) returned 85 [0254.833] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0254.833] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk=") returned 172 [0254.833] GetCurrentThreadId () returned 0x1130 [0254.833] GetCurrentThreadId () returned 0x1130 [0254.833] GetCurrentThreadId () returned 0x1130 [0254.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.834] SetLastError (dwErrCode=0x0) [0254.834] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320") returned 0xc4 [0254.834] GetLastError () returned 0x0 [0254.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0254.834] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0254.834] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.834] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].wannacash ncov v310320")) returned 0x20 [0254.834] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [644].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0254.834] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0254.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17d9f [0254.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0254.835] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0254.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.835] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.835] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.835] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3") returned 197 [0254.835] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0254.835] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3") returned 197 [0254.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17d9f [0254.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0254.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mnPhzt2higa71w/eDCOmABepngAsdjUKh81zrEcWlRKNOrvXB1wfihESc/QLddEAoRhHZVfVRHBCoD4VBnZhvBTCtuRDaQSErTEgUifIWk7ZvNlMVzMQnrJpNa4WsFRPELWlueOpG10HeqINDE/RN+BPIxLEolxcR8b+PYEz9mk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0254.836] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0254.836] CloseHandle (hObject=0x404) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.836] SetLastError (dwErrCode=0x0) [0254.836] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", lpFilePart=0x19fa34*="cast_route_details.html") returned 0x90 [0254.836] GetLastError () returned 0x0 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=8) returned 1 [0254.836] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html", cchCount2=4) returned 1 [0254.837] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0254.837] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html")) returned 0 [0254.837] GetLastError () returned 0x2 [0254.837] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.html")) returned 0xffffffff [0254.839] SetLastError (dwErrCode=0x2) [0254.839] GetLastError () returned 0x2 [0254.839] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0254.839] LocalFree (hMem=0x92fe20) returned 0x0 [0254.839] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0254.840] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0254.840] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\cast_route_details.js")) returned 0x20 [0254.840] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=34974625292) returned 1 [0254.840] GetCurrentThreadId () returned 0x1130 [0254.840] GetCurrentThreadId () returned 0x1130 [0254.840] GetCurrentThreadId () returned 0x1130 [0254.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\H`?KN.>5.T<2n4I(zr^6wZWAh!6q4VgkQU\\9M7W=a", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0256.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0256.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0256.204] GetCurrentThreadId () returned 0x1130 [0256.204] GetCurrentThreadId () returned 0x1130 [0256.204] GetCurrentThreadId () returned 0x1130 [0256.204] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.204] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0256.204] GetCurrentThreadId () returned 0x1130 [0256.204] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] malloc (_Size=0x64) returned 0x1d1338 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] GetCurrentThreadId () returned 0x1130 [0256.205] free (_Block=0x1d1338) [0256.205] malloc (_Size=0x60) returned 0x1d1338 [0256.205] free (_Block=0x1d1338) [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2919 [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2919 [0256.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.206] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2919, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2919, lpOverlapped=0x0) returned 1 [0256.251] malloc (_Size=0x8c) returned 0x1d1338 [0256.251] malloc (_Size=0xfc) returned 0x31d70a8 [0256.251] malloc (_Size=0x40) returned 0x1d14e8 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.251] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] malloc (_Size=0xa5c) returned 0x1d9aa8 [0256.252] malloc (_Size=0x40) returned 0x1d7470 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.252] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] GetCurrentThreadId () returned 0x1130 [0256.253] malloc (_Size=0xc) returned 0x31e1dc0 [0256.253] malloc (_Size=0x720) returned 0x31d2860 [0256.253] malloc (_Size=0xe3c) returned 0x1da510 [0256.253] free (_Block=0x31d2860) [0256.253] malloc (_Size=0x15ac) returned 0x1db358 [0256.253] free (_Block=0x1da510) [0256.253] malloc (_Size=0x23e4) returned 0x1dc910 [0256.253] free (_Block=0x1db358) [0256.254] malloc (_Size=0x3274) returned 0x31e40b0 [0256.255] free (_Block=0x1dc910) [0256.255] malloc (_Size=0x4820) returned 0x1da510 [0256.255] free (_Block=0x31e40b0) [0256.255] GetCurrentThreadId () returned 0x1130 [0256.255] GetCurrentThreadId () returned 0x1130 [0256.255] GetCurrentThreadId () returned 0x1130 [0256.255] GetCurrentThreadId () returned 0x1130 [0256.255] GetCurrentThreadId () returned 0x1130 [0256.255] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] free (_Block=0x1d9aa8) [0256.256] free (_Block=0x1d14e8) [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.256] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] GetCurrentThreadId () returned 0x1130 [0256.257] free (_Block=0x1da510) [0256.257] free (_Block=0x31e1dc0) [0256.257] free (_Block=0x1d7470) [0256.257] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bbb08*, nNumberOfBytesToWrite=0x37c8, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bbb08*, lpNumberOfBytesWritten=0x19fbbc*=0x37c8, lpOverlapped=0x0) returned 1 [0256.260] free (_Block=0x31d70a8) [0256.260] free (_Block=0x1d1338) [0256.260] CloseHandle (hObject=0x2b4) returned 1 [0256.260] CloseHandle (hObject=0x404) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.260] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.260] SetLastError (dwErrCode=0x0) [0256.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", lpFilePart=0x19f9f8*="feedback_script.js") returned 0x8b [0256.260] GetLastError () returned 0x0 [0256.261] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.261] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.261] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.261] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.261] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.261] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js")) returned 1 [0256.262] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x20, wMilliseconds=0xe5)) [0256.262] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0256.263] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.263] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0256.263] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.263] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0256.263] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.263] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0256.263] CloseHandle (hObject=0x404) returned 1 [0256.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[feedback_script.js]omgp:[G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0256.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[feedback_script.js]omgp:[G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0256.263] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[feedback_script.js]omgp:[G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a]", cchWideChar=60, lpMultiByteStr=0x2516968, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[feedback_script.js]omgp:[G<6MOZh\"A>Ah!6q4VgkQU\\9M7W=a]\x11kQ\x02\x01", lpUsedDefaultChar=0x0) returned 60 [0256.272] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0256.272] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ=") returned 172 [0256.272] GetCurrentThreadId () returned 0x1130 [0256.272] GetCurrentThreadId () returned 0x1130 [0256.272] GetCurrentThreadId () returned 0x1130 [0256.272] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.272] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.272] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.272] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.272] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.273] SetLastError (dwErrCode=0x0) [0256.273] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320") returned 0xc4 [0256.273] GetLastError () returned 0x0 [0256.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.273] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.273] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].wannacash ncov v310320")) returned 0x20 [0256.273] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [660].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.274] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0256.274] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.274] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x37c8 [0256.274] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.274] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0256.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.274] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.274] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.275] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3") returned 197 [0256.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.275] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3") returned 197 [0256.275] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x37c8 [0256.275] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.276] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.276] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:kCMcI/4Y4CuXOdcxGPoWkXXcVsKmBH4yus9f8jGO5Wd/rrhXzacfUVpOe58ZlDPoXfBMZF+8Q0E3QTjuXeI1RSewbMqcXB/GBnsaeD8TLCW2ds4LPTs/OBwZdbK97kow+NhLaJzRuq/m3a7z1uly77JsH8YKUI0ADek9MlrnYBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.276] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0256.276] CloseHandle (hObject=0x404) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.276] SetLastError (dwErrCode=0x0) [0256.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", lpFilePart=0x19fa34*="feedback_script.js") returned 0x8b [0256.276] GetLastError () returned 0x0 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=8) returned 1 [0256.277] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js", cchCount2=4) returned 1 [0256.277] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.277] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js")) returned 0 [0256.277] GetLastError () returned 0x2 [0256.277] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\feedback_script.js")) returned 0xffffffff [0256.277] SetLastError (dwErrCode=0x2) [0256.277] GetLastError () returned 0x2 [0256.277] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0256.277] LocalFree (hMem=0x92fe20) returned 0x0 [0256.277] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0256.277] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0256.278] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css")) returned 0x20 [0256.278] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35118407889) returned 1 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FBz7U%-NuRcDK>\\,z.lr=,En_16`)69", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0256.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FBz7U%-NuRcDK>\\,z.lr=,En_16`)69", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0256.278] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FBz7U%-NuRcDK>\\,z.lr=,En_16`)69", cchWideChar=31, lpMultiByteStr=0x250f7e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FBz7U%-NuRcDK>\\,z.lr=,En_16`)69", lpUsedDefaultChar=0x0) returned 31 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] GetCurrentThreadId () returned 0x1130 [0256.278] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.279] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.279] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] malloc (_Size=0x64) returned 0x1d1338 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] GetCurrentThreadId () returned 0x1130 [0256.280] free (_Block=0x1d1338) [0256.280] malloc (_Size=0x60) returned 0x1d1338 [0256.280] free (_Block=0x1d1338) [0256.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x59fef [0256.281] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.281] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe50000 [0256.285] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.285] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x59fef [0256.285] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.285] ReadFile (in: hFile=0x404, lpBuffer=0x7fe50018, nNumberOfBytesToRead=0x59fef, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe50018*, lpNumberOfBytesRead=0x19fbc8*=0x59fef, lpOverlapped=0x0) returned 1 [0256.325] malloc (_Size=0x8c) returned 0x1d1338 [0256.325] malloc (_Size=0xfc) returned 0x31d7e10 [0256.326] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdf0000 [0256.333] malloc (_Size=0x40) returned 0x1d14e8 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] GetCurrentThreadId () returned 0x1130 [0256.334] malloc (_Size=0xa5c) returned 0x1d9aa8 [0256.334] malloc (_Size=0x40) returned 0x1d7470 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] GetCurrentThreadId () returned 0x1130 [0256.335] malloc (_Size=0xc) returned 0x31e1df0 [0256.335] malloc (_Size=0x720) returned 0x31d2860 [0256.335] malloc (_Size=0xe3c) returned 0x1da510 [0256.335] free (_Block=0x31d2860) [0256.335] malloc (_Size=0x15ac) returned 0x1db358 [0256.335] free (_Block=0x1da510) [0256.335] malloc (_Size=0x23e4) returned 0x1dc910 [0256.336] free (_Block=0x1db358) [0256.336] malloc (_Size=0x3274) returned 0x31e40b0 [0256.336] free (_Block=0x1dc910) [0256.336] malloc (_Size=0x4820) returned 0x1da510 [0256.336] free (_Block=0x31e40b0) [0256.336] malloc (_Size=0x64e4) returned 0x31e40b0 [0256.336] free (_Block=0x1da510) [0256.337] malloc (_Size=0x8920) returned 0x31ea5a0 [0256.337] free (_Block=0x31e40b0) [0256.337] malloc (_Size=0xbb90) returned 0x31f2ec8 [0256.337] free (_Block=0x31ea5a0) [0256.338] malloc (_Size=0xfc90) returned 0x31fea60 [0256.339] free (_Block=0x31f2ec8) [0256.340] malloc (_Size=0x1533c) returned 0x31e40b0 [0256.340] free (_Block=0x31fea60) [0256.340] malloc (_Size=0x1c704) returned 0x31f93f8 [0256.340] free (_Block=0x31e40b0) [0256.341] malloc (_Size=0x265c8) returned 0x3a60048 [0256.341] free (_Block=0x31f93f8) [0256.342] malloc (_Size=0x33758) returned 0x31e40b0 [0256.342] free (_Block=0x3a60048) [0256.342] malloc (_Size=0x45104) returned 0x3a60048 [0256.342] free (_Block=0x31e40b0) [0256.344] malloc (_Size=0x5c874) returned 0x31e40b0 [0256.347] free (_Block=0x3a60048) [0256.348] malloc (_Size=0x7bac8) returned 0x3a60048 [0256.349] free (_Block=0x31e40b0) [0256.352] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] GetCurrentThreadId () returned 0x1130 [0256.360] free (_Block=0x1d9aa8) [0256.361] free (_Block=0x1d14e8) [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.361] GetCurrentThreadId () returned 0x1130 [0256.362] free (_Block=0x3a60048) [0256.362] free (_Block=0x31e1df0) [0256.362] free (_Block=0x1d7470) [0256.362] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fd70018*, nNumberOfBytesToWrite=0x79e00, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fd70018*, lpNumberOfBytesWritten=0x19fbbc*=0x79e00, lpOverlapped=0x0) returned 1 [0256.417] free (_Block=0x31d7e10) [0256.418] free (_Block=0x1d1338) [0256.418] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.421] VirtualFree (lpAddress=0x7fdf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.421] VirtualFree (lpAddress=0x7fe50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.422] CloseHandle (hObject=0x2b4) returned 1 [0256.422] CloseHandle (hObject=0x404) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.422] SetLastError (dwErrCode=0x0) [0256.422] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", lpFilePart=0x19f9f8*="material_css_min.css") returned 0x8d [0256.422] GetLastError () returned 0x0 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.422] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.423] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.423] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.423] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css")) returned 1 [0256.427] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x20, wMilliseconds=0x182)) [0256.428] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0256.428] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.428] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0256.428] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.428] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0256.428] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.428] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0256.428] CloseHandle (hObject=0x404) returned 1 [0256.428] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[material_css_min.css]omgp:[FBz7U%-NuRcDK>\\,z.lr=,En_16`)69]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0256.428] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[material_css_min.css]omgp:[FBz7U%-NuRcDK>\\,z.lr=,En_16`)69]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0256.428] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[material_css_min.css]omgp:[FBz7U%-NuRcDK>\\,z.lr=,En_16`)69]", cchWideChar=65, lpMultiByteStr=0x2541d78, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[material_css_min.css]omgp:[FBz7U%-NuRcDK>\\,z.lr=,En_16`)69]", lpUsedDefaultChar=0x0) returned 65 [0256.437] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0256.437] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs=") returned 172 [0256.437] GetCurrentThreadId () returned 0x1130 [0256.437] GetCurrentThreadId () returned 0x1130 [0256.437] GetCurrentThreadId () returned 0x1130 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.438] SetLastError (dwErrCode=0x0) [0256.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320") returned 0xc4 [0256.438] GetLastError () returned 0x0 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.438] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.438] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].wannacash ncov v310320")) returned 0x20 [0256.438] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [661].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0256.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x79e00 [0256.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.439] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0256.439] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.439] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.439] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.439] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.439] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.439] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3") returned 197 [0256.439] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.439] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3") returned 197 [0256.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x79e00 [0256.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ppEysHh9tbqmnXGHmT7mWy0IO12PyEqoUsNgFP43+1NbzkkLDxxzyRjladcNJTNdMof8J4x/dKlR1l1tDrTWhydWpTBJvGcHo5Aa//RI5Ou0lmOUey7EyCW9e4/qsS9qXqAVfgNLf2/ZXJMpgSGDHM60rgw9qDIMtfmDTsNq4Cs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.440] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0256.440] CloseHandle (hObject=0x404) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.440] SetLastError (dwErrCode=0x0) [0256.440] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", lpFilePart=0x19fa34*="material_css_min.css") returned 0x8d [0256.440] GetLastError () returned 0x0 [0256.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=8) returned 1 [0256.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css", cchCount2=4) returned 1 [0256.441] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.441] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css")) returned 0 [0256.441] GetLastError () returned 0x2 [0256.441] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\material_css_min.css")) returned 0xffffffff [0256.441] SetLastError (dwErrCode=0x2) [0256.441] GetLastError () returned 0x2 [0256.441] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0256.441] LocalFree (hMem=0x92fe20) returned 0x0 [0256.441] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0256.442] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0256.442] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js")) returned 0x20 [0256.442] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35134857070) returned 1 [0256.442] GetCurrentThreadId () returned 0x1130 [0256.443] GetCurrentThreadId () returned 0x1130 [0256.443] GetCurrentThreadId () returned 0x1130 [0256.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uM3UZ~9DkvbYw}aOlBXWqe7x_.W", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0256.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uM3UZ~9DkvbYw}aOlBXWqe7x_.W", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0256.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="uM3UZ~9DkvbYw}aOlBXWqe7x_.W", cchWideChar=27, lpMultiByteStr=0x2508f10, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="uM3UZ~9DkvbYw}aOlBXWqe7x_.W", lpUsedDefaultChar=0x0) returned 27 [0256.443] GetCurrentThreadId () returned 0x1130 [0256.443] GetCurrentThreadId () returned 0x1130 [0256.443] GetCurrentThreadId () returned 0x1130 [0256.443] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.443] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] malloc (_Size=0x64) returned 0x1d1338 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] GetCurrentThreadId () returned 0x1130 [0256.444] free (_Block=0x1d1338) [0256.445] malloc (_Size=0x60) returned 0x1d1338 [0256.445] free (_Block=0x1d1338) [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x78a2 [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x78a2 [0256.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.445] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x78a2, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x78a2, lpOverlapped=0x0) returned 1 [0256.450] malloc (_Size=0x8c) returned 0x1d1338 [0256.450] malloc (_Size=0xfc) returned 0x31d78e8 [0256.450] malloc (_Size=0x40) returned 0x1d14e8 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.450] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] malloc (_Size=0xa5c) returned 0x31e40b0 [0256.451] malloc (_Size=0x40) returned 0x1d7470 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] GetCurrentThreadId () returned 0x1130 [0256.451] malloc (_Size=0xc) returned 0x31e1e50 [0256.451] malloc (_Size=0x720) returned 0x31d2860 [0256.451] malloc (_Size=0xe3c) returned 0x1d9aa8 [0256.451] free (_Block=0x31d2860) [0256.451] malloc (_Size=0x15ac) returned 0x1da8f0 [0256.452] free (_Block=0x1d9aa8) [0256.452] malloc (_Size=0x23e4) returned 0x1dbea8 [0256.452] free (_Block=0x1da8f0) [0256.452] malloc (_Size=0x3274) returned 0x3a60048 [0256.452] free (_Block=0x1dbea8) [0256.453] malloc (_Size=0x4820) returned 0x1d9aa8 [0256.453] free (_Block=0x3a60048) [0256.453] malloc (_Size=0x64e4) returned 0x3a60048 [0256.454] free (_Block=0x1d9aa8) [0256.454] malloc (_Size=0x8920) returned 0x3a66538 [0256.455] free (_Block=0x3a60048) [0256.455] malloc (_Size=0xbb90) returned 0x3a6ee60 [0256.455] free (_Block=0x3a66538) [0256.455] GetCurrentThreadId () returned 0x1130 [0256.455] GetCurrentThreadId () returned 0x1130 [0256.455] GetCurrentThreadId () returned 0x1130 [0256.455] GetCurrentThreadId () returned 0x1130 [0256.455] GetCurrentThreadId () returned 0x1130 [0256.455] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] free (_Block=0x31e40b0) [0256.456] free (_Block=0x1d14e8) [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.456] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] GetCurrentThreadId () returned 0x1130 [0256.457] free (_Block=0x3a6ee60) [0256.457] free (_Block=0x31e1e50) [0256.457] free (_Block=0x1d7470) [0256.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c5a08*, nNumberOfBytesToWrite=0xa384, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c5a08*, lpNumberOfBytesWritten=0x19fbbc*=0xa384, lpOverlapped=0x0) returned 1 [0256.459] free (_Block=0x31d78e8) [0256.459] free (_Block=0x1d1338) [0256.459] CloseHandle (hObject=0x2b4) returned 1 [0256.459] CloseHandle (hObject=0x404) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.460] SetLastError (dwErrCode=0x0) [0256.460] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", lpFilePart=0x19f9f8*="mirroring_cast_streaming.js") returned 0x94 [0256.460] GetLastError () returned 0x0 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.460] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.460] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.460] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js")) returned 1 [0256.461] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x20, wMilliseconds=0x1a1)) [0256.461] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0256.461] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.461] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0256.461] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.461] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0256.461] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.462] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0256.462] CloseHandle (hObject=0x404) returned 1 [0256.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_cast_streaming.js]omgp:[uM3UZ~9DkvbYw}aOlBXWqe7x_.W]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0256.527] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_cast_streaming.js]omgp:[uM3UZ~9DkvbYw}aOlBXWqe7x_.W]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0256.528] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_cast_streaming.js]omgp:[uM3UZ~9DkvbYw}aOlBXWqe7x_.W]", cchWideChar=68, lpMultiByteStr=0x2541be8, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[mirroring_cast_streaming.js]omgp:[uM3UZ~9DkvbYw}aOlBXWqe7x_.W]\x81\x1cT\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 68 [0256.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0256.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ=") returned 172 [0256.536] GetCurrentThreadId () returned 0x1130 [0256.536] GetCurrentThreadId () returned 0x1130 [0256.536] GetCurrentThreadId () returned 0x1130 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.536] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.536] SetLastError (dwErrCode=0x0) [0256.537] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320") returned 0xc4 [0256.537] GetLastError () returned 0x0 [0256.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.537] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.537] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].wannacash ncov v310320")) returned 0x20 [0256.538] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [662].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.538] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0256.538] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.538] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xa384 [0256.538] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.538] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0256.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.538] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.538] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.539] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.539] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3") returned 197 [0256.539] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.539] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3") returned 197 [0256.539] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xa384 [0256.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.539] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Tua+o6QgH1HBaCtsN8Us/d6m9OAeTUKeEu8zw031a8PnOlx2rmc9tfQUMRESaIiVCnTJp68REZevWNMU94Us674i7PLuxM3+x2ghoLlD3xEvfGCewU9zGwV0Ig95b7hk2eHUZ+9Up/vrfYQd7DtlD4RX5XInxPBWMX/UtP3NhQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.539] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0256.539] CloseHandle (hObject=0x404) returned 1 [0256.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.540] SetLastError (dwErrCode=0x0) [0256.540] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", lpFilePart=0x19fa34*="mirroring_cast_streaming.js") returned 0x94 [0256.540] GetLastError () returned 0x0 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=8) returned 1 [0256.540] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js", cchCount2=4) returned 1 [0256.540] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.541] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js")) returned 0 [0256.541] GetLastError () returned 0x2 [0256.541] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_cast_streaming.js")) returned 0xffffffff [0256.541] SetLastError (dwErrCode=0x2) [0256.541] GetLastError () returned 0x2 [0256.541] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0256.541] LocalFree (hMem=0x92fe20) returned 0x0 [0256.541] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0256.541] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0256.541] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js")) returned 0x20 [0256.542] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35144818301) returned 1 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZJ9C7po?^№sSANlb6q{$$ah|4s", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0256.542] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZJ9C7po?^№sSANlb6q{$$ah|4s", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0256.542] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZJ9C7po?^№sSANlb6q{$$ah|4s", cchWideChar=26, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZJ9C7po?^â\x84\x96sSANlb6q{$$ah|4s\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] GetCurrentThreadId () returned 0x1130 [0256.542] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.543] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.544] malloc (_Size=0x64) returned 0x1d1338 [0256.544] GetCurrentThreadId () returned 0x1130 [0256.545] GetCurrentThreadId () returned 0x1130 [0256.545] GetCurrentThreadId () returned 0x1130 [0256.545] GetCurrentThreadId () returned 0x1130 [0256.545] GetCurrentThreadId () returned 0x1130 [0256.545] GetCurrentThreadId () returned 0x1130 [0256.545] free (_Block=0x1d1338) [0256.545] malloc (_Size=0x60) returned 0x1d1338 [0256.545] free (_Block=0x1d1338) [0256.545] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.545] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c13a [0256.545] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.545] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.546] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3c13a [0256.546] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.546] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3c13a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3c13a, lpOverlapped=0x0) returned 1 [0256.549] malloc (_Size=0x8c) returned 0x1d1338 [0256.550] malloc (_Size=0xfc) returned 0x31d78e8 [0256.550] malloc (_Size=0x40) returned 0x1d14e8 [0256.550] GetCurrentThreadId () returned 0x1130 [0256.550] GetCurrentThreadId () returned 0x1130 [0256.550] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] malloc (_Size=0xa5c) returned 0x31e40b0 [0256.551] malloc (_Size=0x40) returned 0x1d7470 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] GetCurrentThreadId () returned 0x1130 [0256.551] malloc (_Size=0xc) returned 0x31e1dc0 [0256.552] malloc (_Size=0x720) returned 0x31d2860 [0256.552] malloc (_Size=0xe3c) returned 0x1d9aa8 [0256.552] free (_Block=0x31d2860) [0256.552] malloc (_Size=0x15ac) returned 0x1da8f0 [0256.552] free (_Block=0x1d9aa8) [0256.552] malloc (_Size=0x23e4) returned 0x1dbea8 [0256.552] free (_Block=0x1da8f0) [0256.552] malloc (_Size=0x3274) returned 0x3a60048 [0256.553] free (_Block=0x1dbea8) [0256.553] malloc (_Size=0x4820) returned 0x1d9aa8 [0256.553] free (_Block=0x3a60048) [0256.553] malloc (_Size=0x64e4) returned 0x3a60048 [0256.554] free (_Block=0x1d9aa8) [0256.554] malloc (_Size=0x8920) returned 0x3a66538 [0256.554] free (_Block=0x3a60048) [0256.554] malloc (_Size=0xbb90) returned 0x3a6ee60 [0256.698] free (_Block=0x3a66538) [0256.698] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0256.698] free (_Block=0x3a6ee60) [0256.698] malloc (_Size=0x1533c) returned 0x3a60048 [0256.698] free (_Block=0x3a7a9f8) [0256.699] malloc (_Size=0x1c704) returned 0x3a75390 [0256.699] free (_Block=0x3a60048) [0256.700] malloc (_Size=0x265c8) returned 0x3a91aa0 [0256.700] free (_Block=0x3a75390) [0256.700] malloc (_Size=0x33758) returned 0x31e4b18 [0256.701] free (_Block=0x3a91aa0) [0256.701] malloc (_Size=0x45104) returned 0x3a60048 [0256.701] free (_Block=0x31e4b18) [0256.701] malloc (_Size=0x5c874) returned 0x31e4b18 [0256.703] free (_Block=0x3a60048) [0256.703] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe50000 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.707] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] free (_Block=0x31e40b0) [0256.708] free (_Block=0x1d14e8) [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.708] GetCurrentThreadId () returned 0x1130 [0256.709] GetCurrentThreadId () returned 0x1130 [0256.709] GetCurrentThreadId () returned 0x1130 [0256.709] GetCurrentThreadId () returned 0x1130 [0256.709] GetCurrentThreadId () returned 0x1130 [0256.709] GetCurrentThreadId () returned 0x1130 [0256.709] free (_Block=0x31e4b18) [0256.713] free (_Block=0x31e1dc0) [0256.713] free (_Block=0x1d7470) [0256.713] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fe50018*, nNumberOfBytesToWrite=0x515c7, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fe50018*, lpNumberOfBytesWritten=0x19fbbc*=0x515c7, lpOverlapped=0x0) returned 1 [0256.721] free (_Block=0x31d78e8) [0256.721] free (_Block=0x1d1338) [0256.721] VirtualFree (lpAddress=0x7fe50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.722] CloseHandle (hObject=0x2b4) returned 1 [0256.722] CloseHandle (hObject=0x404) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.722] SetLastError (dwErrCode=0x0) [0256.722] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", lpFilePart=0x19f9f8*="mirroring_common.js") returned 0x8c [0256.722] GetLastError () returned 0x0 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.723] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.723] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js")) returned 1 [0256.726] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x20, wMilliseconds=0x2aa)) [0256.726] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0256.726] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.726] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0256.726] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.726] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0256.726] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0256.727] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0256.727] CloseHandle (hObject=0x404) returned 1 [0256.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_common.js]omgp:[ZJ9C7po?^№sSANlb6q{$$ah|4s]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0256.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_common.js]omgp:[ZJ9C7po?^№sSANlb6q{$$ah|4s]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0256.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_common.js]omgp:[ZJ9C7po?^№sSANlb6q{$$ah|4s]", cchWideChar=59, lpMultiByteStr=0x2516ad0, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[mirroring_common.js]omgp:[ZJ9C7po?^?sSANlb6q{$$ah|4s]", lpUsedDefaultChar=0x0) returned 59 [0256.735] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0256.735] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw=") returned 172 [0256.735] GetCurrentThreadId () returned 0x1130 [0256.735] GetCurrentThreadId () returned 0x1130 [0256.735] GetCurrentThreadId () returned 0x1130 [0256.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.736] SetLastError (dwErrCode=0x0) [0256.736] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320") returned 0xc4 [0256.736] GetLastError () returned 0x0 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0256.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0256.736] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.736] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].wannacash ncov v310320")) returned 0x20 [0256.736] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [663].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0256.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x515c7 [0256.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0256.737] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0256.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.737] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3") returned 197 [0256.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0256.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3") returned 197 [0256.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x515c7 [0256.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.738] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0256.738] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OKH+dUXm+EUGodoWTA/ZFD37Mu2iPfAs8ZfKdr+TQn6w7hQTHA9H/NzbRaNe54aMAv69QrtorDihN+PSelCnRbU24xt5jsnveZNk5TP77JJRckYwQuiTfsNpYKiXvEr+sS6Q/iFIHm9n9mDDnpcwx4BTFvEe/TkKhU6Pp9IKNlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0256.738] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0256.738] CloseHandle (hObject=0x404) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.738] SetLastError (dwErrCode=0x0) [0256.738] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", lpFilePart=0x19fa34*="mirroring_common.js") returned 0x8c [0256.738] GetLastError () returned 0x0 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=8) returned 1 [0256.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js", cchCount2=4) returned 1 [0256.739] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.739] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js")) returned 0 [0256.739] GetLastError () returned 0x2 [0256.739] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_common.js")) returned 0xffffffff [0256.739] SetLastError (dwErrCode=0x2) [0256.739] GetLastError () returned 0x2 [0256.739] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0256.739] LocalFree (hMem=0x92fe20) returned 0x0 [0256.739] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0256.740] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0256.740] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js")) returned 0x20 [0256.740] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35164643568) returned 1 [0256.740] GetCurrentThreadId () returned 0x1130 [0256.740] GetCurrentThreadId () returned 0x1130 [0256.740] GetCurrentThreadId () returned 0x1130 [0256.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0256.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0256.741] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!", lpUsedDefaultChar=0x0) returned 39 [0256.741] GetCurrentThreadId () returned 0x1130 [0256.741] GetCurrentThreadId () returned 0x1130 [0256.741] GetCurrentThreadId () returned 0x1130 [0256.741] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0256.741] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] malloc (_Size=0x64) returned 0x1d1338 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] GetCurrentThreadId () returned 0x1130 [0256.742] free (_Block=0x1d1338) [0256.742] malloc (_Size=0x60) returned 0x1d1338 [0256.743] free (_Block=0x1d1338) [0256.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x698b1 [0256.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.743] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe40000 [0256.798] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.798] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x698b1 [0256.798] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0256.798] ReadFile (in: hFile=0x404, lpBuffer=0x7fe40018, nNumberOfBytesToRead=0x698b1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe40018*, lpNumberOfBytesRead=0x19fbc8*=0x698b1, lpOverlapped=0x0) returned 1 [0256.838] malloc (_Size=0x8c) returned 0x1d1338 [0256.838] malloc (_Size=0xfc) returned 0x31d7e10 [0256.838] VirtualAlloc (lpAddress=0x0, dwSize=0x70000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdd0000 [0256.845] malloc (_Size=0x40) returned 0x1d14e8 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] malloc (_Size=0xa5c) returned 0x31e40b0 [0256.845] malloc (_Size=0x40) returned 0x1d7470 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.845] GetCurrentThreadId () returned 0x1130 [0256.846] GetCurrentThreadId () returned 0x1130 [0256.846] GetCurrentThreadId () returned 0x1130 [0256.846] malloc (_Size=0xc) returned 0x31e1dc0 [0256.846] malloc (_Size=0x720) returned 0x31d2860 [0256.846] malloc (_Size=0xe3c) returned 0x1d9aa8 [0256.846] free (_Block=0x31d2860) [0256.846] malloc (_Size=0x15ac) returned 0x1da8f0 [0256.846] free (_Block=0x1d9aa8) [0256.846] malloc (_Size=0x23e4) returned 0x1dbea8 [0256.847] free (_Block=0x1da8f0) [0256.847] malloc (_Size=0x3274) returned 0x3a60048 [0256.847] free (_Block=0x1dbea8) [0256.847] malloc (_Size=0x4820) returned 0x1d9aa8 [0256.848] free (_Block=0x3a60048) [0256.848] malloc (_Size=0x64e4) returned 0x3a60048 [0256.848] free (_Block=0x1d9aa8) [0256.848] malloc (_Size=0x8920) returned 0x3a66538 [0256.848] free (_Block=0x3a60048) [0256.849] malloc (_Size=0xbb90) returned 0x3a6ee60 [0256.849] free (_Block=0x3a66538) [0256.850] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0256.850] free (_Block=0x3a6ee60) [0256.850] malloc (_Size=0x1533c) returned 0x3a60048 [0256.850] free (_Block=0x3a7a9f8) [0256.851] malloc (_Size=0x1c704) returned 0x3a75390 [0256.851] free (_Block=0x3a60048) [0256.851] malloc (_Size=0x265c8) returned 0x3a91aa0 [0256.851] free (_Block=0x3a75390) [0256.851] malloc (_Size=0x33758) returned 0x31e4b18 [0256.852] free (_Block=0x3a91aa0) [0256.853] malloc (_Size=0x45104) returned 0x3a60048 [0256.854] free (_Block=0x31e4b18) [0256.855] malloc (_Size=0x5c874) returned 0x31e4b18 [0256.858] free (_Block=0x3a60048) [0256.859] malloc (_Size=0x7bac8) returned 0x3a60048 [0256.859] free (_Block=0x31e4b18) [0256.863] malloc (_Size=0xa5358) returned 0xa0b020 [0256.928] free (_Block=0x3a60048) [0256.930] VirtualAlloc (lpAddress=0x0, dwSize=0x90000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd40000 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.948] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] free (_Block=0x31e40b0) [0256.949] free (_Block=0x1d14e8) [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.949] GetCurrentThreadId () returned 0x1130 [0256.950] GetCurrentThreadId () returned 0x1130 [0256.950] GetCurrentThreadId () returned 0x1130 [0256.950] GetCurrentThreadId () returned 0x1130 [0256.951] free (_Block=0xa0b020) [0256.956] free (_Block=0x31e1dc0) [0256.956] free (_Block=0x1d7470) [0256.956] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fd40018*, nNumberOfBytesToWrite=0x8eeef, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fd40018*, lpNumberOfBytesWritten=0x19fbbc*=0x8eeef, lpOverlapped=0x0) returned 1 [0256.970] free (_Block=0x31d7e10) [0256.970] free (_Block=0x1d1338) [0256.970] VirtualFree (lpAddress=0x7fd40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.973] VirtualFree (lpAddress=0x7fdd0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.975] VirtualFree (lpAddress=0x7fe40000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0256.975] CloseHandle (hObject=0x2b4) returned 1 [0256.975] CloseHandle (hObject=0x404) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0256.976] SetLastError (dwErrCode=0x0) [0256.976] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", lpFilePart=0x19f9f8*="mirroring_hangouts.js") returned 0x8e [0256.976] GetLastError () returned 0x0 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0256.976] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0256.976] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0256.976] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js")) returned 1 [0257.153] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x21, wMilliseconds=0x78)) [0257.154] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0257.154] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0257.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0257.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0257.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0257.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0257.154] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0257.154] CloseHandle (hObject=0x404) returned 1 [0257.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_hangouts.js]omgp:[ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0257.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_hangouts.js]omgp:[ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0257.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[mirroring_hangouts.js]omgp:[ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!]", cchWideChar=74, lpMultiByteStr=0x252c708, cbMultiByte=74, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[mirroring_hangouts.js]omgp:[ej;JB,FcBow)ib>\"3tjAXnxzkrHKF/`_c`~xl*!]", lpUsedDefaultChar=0x0) returned 74 [0257.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0257.163] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk=") returned 172 [0257.163] GetCurrentThreadId () returned 0x1130 [0257.163] GetCurrentThreadId () returned 0x1130 [0257.163] GetCurrentThreadId () returned 0x1130 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0257.163] SetLastError (dwErrCode=0x0) [0257.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320") returned 0xc4 [0257.163] GetLastError () returned 0x0 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0257.163] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0257.164] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0257.164] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].wannacash ncov v310320")) returned 0x20 [0257.164] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\Файл зашифрован. Пиши. Почта clubnika@elude.in [664].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0257.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0257.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0257.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x8eeef [0257.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0257.164] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0257.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0257.165] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0257.165] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3") returned 197 [0257.165] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0257.165] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3") returned 197 [0257.165] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x8eeef [0257.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.165] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0257.166] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vT6vkIYnkWXYU/cOWKgaFvWohkGQG7wYAC5+O49fEJBkBSNlzcIenNkdAkSQjuE8B9KDqncv0yiEAPCHpR1mFQXWdlRLxLf6z0SkglkRfqdRmoL/YA0TBu+eZwkFEF3WIgFElFzmFlq8oTMLyGHhA3zR2KdI3yzzzxqgXUZCQwk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0257.166] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0257.166] CloseHandle (hObject=0x404) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0257.166] SetLastError (dwErrCode=0x0) [0257.166] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", lpFilePart=0x19fa34*="mirroring_hangouts.js") returned 0x8e [0257.166] GetLastError () returned 0x0 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=8) returned 1 [0257.166] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js", cchCount2=4) returned 1 [0257.167] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0")) returned 0x10 [0257.167] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js")) returned 0 [0257.167] GetLastError () returned 0x2 [0257.167] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_hangouts.js")) returned 0xffffffff [0257.167] SetLastError (dwErrCode=0x2) [0257.167] GetLastError () returned 0x2 [0257.167] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0257.167] LocalFree (hMem=0x92fe20) returned 0x0 [0257.167] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0257.167] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0257.168] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_webrtc.js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\6117.717.0.0_0\\mirroring_webrtc.js")) returned 0x20 [0257.168] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35207456071) returned 1 [0257.168] GetCurrentThreadId () returned 0x1130 [0257.169] GetCurrentThreadId () returned 0x1130 [0257.169] GetCurrentThreadId () returned 0x1130 [0257.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6Y4<", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0259.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0259.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<", cchWideChar=44, lpMultiByteStr=0x2525040, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<©PR\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 44 [0259.472] GetCurrentThreadId () returned 0x1130 [0259.472] GetCurrentThreadId () returned 0x1130 [0259.472] GetCurrentThreadId () returned 0x1130 [0259.472] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj364.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.472] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.473] GetCurrentThreadId () returned 0x1130 [0259.474] malloc (_Size=0x64) returned 0x1d1338 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] GetCurrentThreadId () returned 0x1130 [0259.474] free (_Block=0x1d1338) [0259.474] malloc (_Size=0x60) returned 0x1d1338 [0259.474] free (_Block=0x1d1338) [0259.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c4 [0259.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c4 [0259.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.475] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1c4, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1c4, lpOverlapped=0x0) returned 1 [0259.476] malloc (_Size=0x8c) returned 0x1d1338 [0259.476] malloc (_Size=0xfc) returned 0x31d73c0 [0259.476] malloc (_Size=0x40) returned 0x1d14e8 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.476] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] malloc (_Size=0xa5c) returned 0x31e40b0 [0259.477] malloc (_Size=0x40) returned 0x1d7470 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] GetCurrentThreadId () returned 0x1130 [0259.477] malloc (_Size=0xc) returned 0x31e1d18 [0259.477] malloc (_Size=0x364) returned 0x31e4b18 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] free (_Block=0x31e40b0) [0259.478] free (_Block=0x1d14e8) [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.478] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.479] GetCurrentThreadId () returned 0x1130 [0259.480] free (_Block=0x31e4b18) [0259.480] free (_Block=0x31e1d18) [0259.480] free (_Block=0x1d7470) [0259.480] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0259.481] free (_Block=0x31d73c0) [0259.481] free (_Block=0x1d1338) [0259.481] CloseHandle (hObject=0x2b4) returned 1 [0259.481] CloseHandle (hObject=0x404) returned 1 [0259.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.481] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.482] SetLastError (dwErrCode=0x0) [0259.482] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", lpFilePart=0x19f9f8*="9WZDNCRFJ364.dat") returned 0x51 [0259.482] GetLastError () returned 0x0 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.482] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.482] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.482] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj364.dat")) returned 1 [0259.484] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x23, wMilliseconds=0x1c2)) [0259.484] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0259.484] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0259.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0259.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.484] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0259.484] CloseHandle (hObject=0x404) returned 1 [0259.484] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ364.dat]omgp:[\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0259.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ364.dat]omgp:[\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0259.485] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ364.dat]omgp:[\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<]", cchWideChar=74, lpMultiByteStr=0x252c708, cbMultiByte=74, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9WZDNCRFJ364.dat]omgp:[\":%)QT<_-XNJm6~r5x.#G%,/h-lcnc3\\4tljR5qu>Y4<]", lpUsedDefaultChar=0x0) returned 74 [0259.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0259.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI=") returned 172 [0259.546] GetCurrentThreadId () returned 0x1130 [0259.546] GetCurrentThreadId () returned 0x1130 [0259.547] GetCurrentThreadId () returned 0x1130 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.547] SetLastError (dwErrCode=0x0) [0259.547] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320") returned 0x8c [0259.547] GetLastError () returned 0x0 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.547] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.548] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].wannacash ncov v310320")) returned 0x20 [0259.548] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [700].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0259.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0259.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.548] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0259.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3") returned 197 [0259.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3") returned 197 [0259.549] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0259.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ejCSVjy0G66vo3K4DZIzQjlL344e4NXVAjMJY/1xk4UlmGzRnbBM0YwaDEqTp3ryVq4i4VkT7zq7AjdFufDKCUi//5Sb0S/j77ULf9MDu7I4QmHGt/oUP71hwdhI/NeAYxph2q22d1VQtCYQQJNAJBxFUT5oBzhbasufYBl9IwI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.549] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0259.549] CloseHandle (hObject=0x404) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.550] SetLastError (dwErrCode=0x0) [0259.550] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", lpFilePart=0x19fa34*="9WZDNCRFJ364.dat") returned 0x51 [0259.550] GetLastError () returned 0x0 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=8) returned 1 [0259.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat", cchCount2=4) returned 1 [0259.550] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.550] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj364.dat")) returned 0 [0259.550] GetLastError () returned 0x2 [0259.550] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ364.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj364.dat")) returned 0xffffffff [0259.550] SetLastError (dwErrCode=0x2) [0259.551] GetLastError () returned 0x2 [0259.551] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0259.551] LocalFree (hMem=0x92fe20) returned 0x0 [0259.551] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0259.551] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0259.551] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3p2.dat")) returned 0x20 [0259.551] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35445756877) returned 1 [0259.551] GetCurrentThreadId () returned 0x1130 [0259.552] GetCurrentThreadId () returned 0x1130 [0259.552] GetCurrentThreadId () returned 0x1130 [0259.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pX**SgD(xTyV&zl\\}gM7wXO8qz8", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0259.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pX**SgD(xTyV&zl\\}gM7wXO8qz8", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0259.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pX**SgD(xTyV&zl\\}gM7wXO8qz8", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pX**SgD(xTyV&zl\\}gM7wXO8qz8", lpUsedDefaultChar=0x0) returned 38 [0259.552] GetCurrentThreadId () returned 0x1130 [0259.552] GetCurrentThreadId () returned 0x1130 [0259.552] GetCurrentThreadId () returned 0x1130 [0259.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3p2.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] GetCurrentThreadId () returned 0x1130 [0259.556] malloc (_Size=0x64) returned 0x1d1338 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] GetCurrentThreadId () returned 0x1130 [0259.557] free (_Block=0x1d1338) [0259.557] malloc (_Size=0x60) returned 0x1d1338 [0259.557] free (_Block=0x1d1338) [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c5 [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c5 [0259.557] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.558] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1c5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1c5, lpOverlapped=0x0) returned 1 [0259.559] malloc (_Size=0x8c) returned 0x1d1338 [0259.559] malloc (_Size=0xfc) returned 0x31d79f0 [0259.559] malloc (_Size=0x40) returned 0x1d14e8 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.559] GetCurrentThreadId () returned 0x1130 [0259.573] GetCurrentThreadId () returned 0x1130 [0259.573] GetCurrentThreadId () returned 0x1130 [0259.573] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] malloc (_Size=0xa5c) returned 0x31e40b0 [0259.574] malloc (_Size=0x40) returned 0x1d7470 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] malloc (_Size=0xc) returned 0x31e1e68 [0259.574] malloc (_Size=0x364) returned 0x31e4b18 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.574] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] free (_Block=0x31e40b0) [0259.575] free (_Block=0x1d14e8) [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.575] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] GetCurrentThreadId () returned 0x1130 [0259.576] free (_Block=0x31e4b18) [0259.576] free (_Block=0x31e1e68) [0259.576] free (_Block=0x1d7470) [0259.576] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0259.578] free (_Block=0x31d79f0) [0259.578] free (_Block=0x1d1338) [0259.578] CloseHandle (hObject=0x2b4) returned 1 [0259.578] CloseHandle (hObject=0x404) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.578] SetLastError (dwErrCode=0x0) [0259.578] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", lpFilePart=0x19f9f8*="9WZDNCRFJ3P2.dat") returned 0x51 [0259.578] GetLastError () returned 0x0 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.578] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.579] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.579] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3p2.dat")) returned 1 [0259.580] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x23, wMilliseconds=0x220)) [0259.580] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0259.580] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0259.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0259.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.581] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0259.581] CloseHandle (hObject=0x404) returned 1 [0259.581] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3P2.dat]omgp:[pX**SgD(xTyV&zl\\}gM7wXO8qz8]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0259.581] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3P2.dat]omgp:[pX**SgD(xTyV&zl\\}gM7wXO8qz8]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0259.581] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3P2.dat]omgp:[pX**SgD(xTyV&zl\\}gM7wXO8qz8]", cchWideChar=68, lpMultiByteStr=0x2541d78, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9WZDNCRFJ3P2.dat]omgp:[pX**SgD(xTyV&zl\\}gM7wXO8qz8]", lpUsedDefaultChar=0x0) returned 68 [0259.643] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0259.643] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ=") returned 172 [0259.643] GetCurrentThreadId () returned 0x1130 [0259.643] GetCurrentThreadId () returned 0x1130 [0259.643] GetCurrentThreadId () returned 0x1130 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.643] SetLastError (dwErrCode=0x0) [0259.643] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320") returned 0x8c [0259.643] GetLastError () returned 0x0 [0259.644] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.644] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.644] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.644] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.644] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.644] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].wannacash ncov v310320")) returned 0x20 [0259.644] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [701].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0259.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0259.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.645] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.645] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.645] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3") returned 197 [0259.645] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.645] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3") returned 197 [0259.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.645] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0viZZNfDu85FPPHTtFw3R7AbLphwJH8VVZ4AWDPBbDmOfhGJOWtkRp+yfvShFavaZOuHBjdQ3MWYqY5NNOh5EhaFlATcYgr70L/iKZVs/Ya6Ew1rZa6kLV9SteoExDc+hsqvnFQ3aaiqBgX1DTtG4r8+Zqu3xP6o+6PyRAhA8QQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.645] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0259.646] CloseHandle (hObject=0x404) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.646] SetLastError (dwErrCode=0x0) [0259.646] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", lpFilePart=0x19fa34*="9WZDNCRFJ3P2.dat") returned 0x51 [0259.646] GetLastError () returned 0x0 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=8) returned 1 [0259.646] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat", cchCount2=4) returned 1 [0259.646] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.647] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3p2.dat")) returned 0 [0259.647] GetLastError () returned 0x2 [0259.647] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3P2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3p2.dat")) returned 0xffffffff [0259.647] SetLastError (dwErrCode=0x2) [0259.647] GetLastError () returned 0x2 [0259.647] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0259.647] LocalFree (hMem=0x92fe20) returned 0x0 [0259.647] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0259.647] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0259.648] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pm.dat")) returned 0x20 [0259.648] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35455397529) returned 1 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0259.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0259.648] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO", cchWideChar=43, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=":\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxcâ\x84\x96mfUgdspEXaO", lpUsedDefaultChar=0x0) returned 45 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] GetCurrentThreadId () returned 0x1130 [0259.648] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pm.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.648] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] GetCurrentThreadId () returned 0x1130 [0259.649] malloc (_Size=0x64) returned 0x1d1338 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] GetCurrentThreadId () returned 0x1130 [0259.650] free (_Block=0x1d1338) [0259.650] malloc (_Size=0x60) returned 0x1d1338 [0259.650] free (_Block=0x1d1338) [0259.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c8 [0259.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.650] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c8 [0259.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.651] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1c8, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1c8, lpOverlapped=0x0) returned 1 [0259.652] malloc (_Size=0x8c) returned 0x1d1338 [0259.652] malloc (_Size=0xfc) returned 0x31d76d8 [0259.652] malloc (_Size=0x40) returned 0x1d14e8 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] malloc (_Size=0xa5c) returned 0x31e40b0 [0259.652] malloc (_Size=0x40) returned 0x1d7470 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.652] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] malloc (_Size=0xc) returned 0x31e1df0 [0259.653] malloc (_Size=0x364) returned 0x31e4b18 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.653] GetCurrentThreadId () returned 0x1130 [0259.654] free (_Block=0x31e40b0) [0259.654] free (_Block=0x1d14e8) [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] GetCurrentThreadId () returned 0x1130 [0259.654] free (_Block=0x31e4b18) [0259.654] free (_Block=0x31e1df0) [0259.654] free (_Block=0x1d7470) [0259.654] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0259.656] free (_Block=0x31d76d8) [0259.656] free (_Block=0x1d1338) [0259.656] CloseHandle (hObject=0x2b4) returned 1 [0259.656] CloseHandle (hObject=0x404) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.656] SetLastError (dwErrCode=0x0) [0259.656] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", lpFilePart=0x19f9f8*="9WZDNCRFJ3PM.dat") returned 0x51 [0259.657] GetLastError () returned 0x0 [0259.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.657] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.657] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.657] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pm.dat")) returned 1 [0259.658] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x23, wMilliseconds=0x26c)) [0259.658] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0259.658] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.658] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0259.659] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.659] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0259.659] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.659] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0259.659] CloseHandle (hObject=0x404) returned 1 [0259.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PM.dat]omgp:[:\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0259.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PM.dat]omgp:[:\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0259.659] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PM.dat]omgp:[:\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc№mfUgdspEXaO]", cchWideChar=73, lpMultiByteStr=0x252c708, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9WZDNCRFJ3PM.dat]omgp:[:\\/e_:(ao-sEJGmr@Nz^_`ZJ~Ps*Lxc?mfUgdspEXaO]", lpUsedDefaultChar=0x0) returned 73 [0259.668] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0259.668] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE=") returned 172 [0259.668] GetCurrentThreadId () returned 0x1130 [0259.668] GetCurrentThreadId () returned 0x1130 [0259.668] GetCurrentThreadId () returned 0x1130 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.668] SetLastError (dwErrCode=0x0) [0259.668] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320") returned 0x8c [0259.668] GetLastError () returned 0x0 [0259.668] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.669] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.669] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].wannacash ncov v310320")) returned 0x20 [0259.669] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [702].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.669] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0259.669] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.669] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0259.669] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.670] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3") returned 197 [0259.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.670] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3") returned 197 [0259.670] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.670] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:8qmtDZEirrNKw8W2HtEJ8CIjZp1ocxbMPiNHAUILLDXNVnRPhJKhbL7OVjl+ef0bst/Cxppx0k7TiJaV9SPwlkRv41+8XEe/UC+yOznrkjv89uxYx9rMXaeLa1ndsPPgiMaUFcVmkxxenChcbduzNRO3QLTBb2NC8+6OlSwVtQE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.670] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0259.670] CloseHandle (hObject=0x404) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.671] SetLastError (dwErrCode=0x0) [0259.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", lpFilePart=0x19fa34*="9WZDNCRFJ3PM.dat") returned 0x51 [0259.671] GetLastError () returned 0x0 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=8) returned 1 [0259.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat", cchCount2=4) returned 1 [0259.671] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.671] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pm.dat")) returned 0 [0259.671] GetLastError () returned 0x2 [0259.671] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PM.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pm.dat")) returned 0xffffffff [0259.672] SetLastError (dwErrCode=0x2) [0259.672] GetLastError () returned 0x2 [0259.672] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0259.672] LocalFree (hMem=0x92fe20) returned 0x0 [0259.672] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0259.672] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0259.672] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pr.dat")) returned 0x20 [0259.673] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35458002787) returned 1 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0259.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0259.674] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp", lpUsedDefaultChar=0x0) returned 37 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] GetCurrentThreadId () returned 0x1130 [0259.674] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pr.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.675] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.675] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] malloc (_Size=0x64) returned 0x1d1338 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] GetCurrentThreadId () returned 0x1130 [0259.676] free (_Block=0x1d1338) [0259.676] malloc (_Size=0x60) returned 0x1d1338 [0259.676] free (_Block=0x1d1338) [0259.676] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.676] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c9 [0259.676] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.676] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c9 [0259.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.677] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1c9, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1c9, lpOverlapped=0x0) returned 1 [0259.719] malloc (_Size=0x8c) returned 0x1d1338 [0259.720] malloc (_Size=0xfc) returned 0x31d71b0 [0259.720] malloc (_Size=0x40) returned 0x1d14e8 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] malloc (_Size=0xa5c) returned 0x31e40b0 [0259.720] malloc (_Size=0x40) returned 0x1d7470 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.720] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] malloc (_Size=0xc) returned 0x31e1dc0 [0259.721] malloc (_Size=0x364) returned 0x31e4b18 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.721] GetCurrentThreadId () returned 0x1130 [0259.722] free (_Block=0x31e40b0) [0259.722] free (_Block=0x1d14e8) [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] GetCurrentThreadId () returned 0x1130 [0259.722] free (_Block=0x31e4b18) [0259.722] free (_Block=0x31e1dc0) [0259.722] free (_Block=0x1d7470) [0259.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0259.724] free (_Block=0x31d71b0) [0259.724] free (_Block=0x1d1338) [0259.724] CloseHandle (hObject=0x2b4) returned 1 [0259.724] CloseHandle (hObject=0x404) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.725] SetLastError (dwErrCode=0x0) [0259.725] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", lpFilePart=0x19f9f8*="9WZDNCRFJ3PR.dat") returned 0x51 [0259.725] GetLastError () returned 0x0 [0259.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.725] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.725] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pr.dat")) returned 1 [0259.726] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x23, wMilliseconds=0x2aa)) [0259.726] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0259.727] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0259.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0259.727] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.727] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0259.727] CloseHandle (hObject=0x404) returned 1 [0259.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PR.dat]omgp:[|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0259.727] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PR.dat]omgp:[|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0259.730] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PR.dat]omgp:[|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp]", cchWideChar=67, lpMultiByteStr=0x2541d78, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9WZDNCRFJ3PR.dat]omgp:[|$#YKyj-uMQvGDC?O\\*F9e{jB{uAi_l/qeinp]", lpUsedDefaultChar=0x0) returned 67 [0259.738] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0259.738] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8=") returned 172 [0259.738] GetCurrentThreadId () returned 0x1130 [0259.738] GetCurrentThreadId () returned 0x1130 [0259.738] GetCurrentThreadId () returned 0x1130 [0259.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.739] SetLastError (dwErrCode=0x0) [0259.739] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320") returned 0x8c [0259.739] GetLastError () returned 0x0 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.739] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.739] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.739] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].wannacash ncov v310320")) returned 0x20 [0259.739] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [703].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.740] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0259.740] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.740] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0259.740] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.740] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0259.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.740] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3") returned 197 [0259.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3") returned 197 [0259.741] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0259.741] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.741] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.741] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:as+o9D46jqGVKNK+Ijj52QKCMFrHDgbJJyR7HDknJUC3s9RWkEIUftJKyS/6pKNTm4VG78eF48p7SeIN++k0Hh0uX/f8vzYK47J1YbhQGUq25kGE3i++rFslZlwGjGGNpqIYwGv0goTbtdhJPxXL67MHwHBtOuTz8c7i5ScCZB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.741] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0259.741] CloseHandle (hObject=0x404) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.741] SetLastError (dwErrCode=0x0) [0259.741] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", lpFilePart=0x19fa34*="9WZDNCRFJ3PR.dat") returned 0x51 [0259.741] GetLastError () returned 0x0 [0259.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=8) returned 1 [0259.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat", cchCount2=4) returned 1 [0259.742] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.742] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pr.dat")) returned 0 [0259.742] GetLastError () returned 0x2 [0259.742] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PR.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pr.dat")) returned 0xffffffff [0259.742] SetLastError (dwErrCode=0x2) [0259.742] GetLastError () returned 0x2 [0259.742] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0259.742] LocalFree (hMem=0x92fe20) returned 0x0 [0259.742] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0259.743] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0259.743] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pt.dat")) returned 0x20 [0259.744] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35464975857) returned 1 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0259.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0259.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@", cchWideChar=34, lpMultiByteStr=0x250f7e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@", lpUsedDefaultChar=0x0) returned 34 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] GetCurrentThreadId () returned 0x1130 [0259.744] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pt.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.744] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] GetCurrentThreadId () returned 0x1130 [0259.745] malloc (_Size=0x64) returned 0x1d1338 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] GetCurrentThreadId () returned 0x1130 [0259.746] free (_Block=0x1d1338) [0259.746] malloc (_Size=0x60) returned 0x1d1338 [0259.746] free (_Block=0x1d1338) [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c5 [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1c5 [0259.746] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0259.746] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1c5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1c5, lpOverlapped=0x0) returned 1 [0259.748] malloc (_Size=0x8c) returned 0x1d1338 [0259.748] malloc (_Size=0xfc) returned 0x31d77e0 [0259.748] malloc (_Size=0x40) returned 0x1d14e8 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.748] malloc (_Size=0xa5c) returned 0x31e40b0 [0259.748] malloc (_Size=0x40) returned 0x1d7470 [0259.748] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] malloc (_Size=0xc) returned 0x31e1ec8 [0259.749] malloc (_Size=0x364) returned 0x31e4b18 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.749] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] free (_Block=0x31e40b0) [0259.750] free (_Block=0x1d14e8) [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.750] GetCurrentThreadId () returned 0x1130 [0259.751] free (_Block=0x31e4b18) [0259.751] free (_Block=0x31e1ec8) [0259.751] free (_Block=0x1d7470) [0259.751] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd9f8*, nNumberOfBytesToWrite=0x28a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd9f8*, lpNumberOfBytesWritten=0x19fbbc*=0x28a, lpOverlapped=0x0) returned 1 [0259.752] free (_Block=0x31d77e0) [0259.752] free (_Block=0x1d1338) [0259.752] CloseHandle (hObject=0x2b4) returned 1 [0259.752] CloseHandle (hObject=0x404) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.753] SetLastError (dwErrCode=0x0) [0259.753] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", lpFilePart=0x19f9f8*="9WZDNCRFJ3PT.dat") returned 0x51 [0259.753] GetLastError () returned 0x0 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.753] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.753] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.753] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pt.dat")) returned 1 [0259.755] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x23, wMilliseconds=0x2ca)) [0259.755] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0259.755] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.755] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0259.755] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.755] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0259.755] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0259.755] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0259.755] CloseHandle (hObject=0x404) returned 1 [0259.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PT.dat]omgp:[PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0259.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PT.dat]omgp:[PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0259.755] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9WZDNCRFJ3PT.dat]omgp:[PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@]", cchWideChar=64, lpMultiByteStr=0x2541d78, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9WZDNCRFJ3PT.dat]omgp:[PS(^QDq(J_+M#a\\7bOLpP`O}tf7}cO16_@]1", lpUsedDefaultChar=0x0) returned 64 [0259.818] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0259.819] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs=") returned 172 [0259.819] GetCurrentThreadId () returned 0x1130 [0259.819] GetCurrentThreadId () returned 0x1130 [0259.819] GetCurrentThreadId () returned 0x1130 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.819] SetLastError (dwErrCode=0x0) [0259.819] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320") returned 0x8c [0259.819] GetLastError () returned 0x0 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0259.819] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0259.819] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.820] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].wannacash ncov v310320")) returned 0x20 [0259.820] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\Файл зашифрован. Пиши. Почта clubnika@elude.in [704].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0259.820] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0259.820] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.820] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x28a [0259.820] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0259.820] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0259.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.820] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.821] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.821] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.821] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3") returned 197 [0259.821] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0259.821] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3") returned 197 [0259.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x28a [0259.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0259.821] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hG8lhCiyvjkz0XkwjDjObi0JTHtThyIh0GsECqHOFII+O+5BzH2CIj0CrHPzGyx4+FVXAosvIw22f7T6XeIWPcDQgf6hAyj7/qv4ayL0/f4GOaPb8X1uR2SVP6XwHpPEcCGXerwhidLG77tjkdahXdOyOKHyq5BuT+QzJz/avDs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0259.822] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0259.822] CloseHandle (hObject=0x404) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.822] SetLastError (dwErrCode=0x0) [0259.822] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", lpFilePart=0x19fa34*="9WZDNCRFJ3PT.dat") returned 0x51 [0259.822] GetLastError () returned 0x0 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=8) returned 1 [0259.822] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat", cchCount2=4) returned 1 [0259.823] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints")) returned 0x10 [0259.823] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pt.dat")) returned 0 [0259.823] GetLastError () returned 0x2 [0259.823] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3PT.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3pt.dat")) returned 0xffffffff [0259.823] SetLastError (dwErrCode=0x2) [0259.823] GetLastError () returned 0x2 [0259.823] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0259.823] LocalFree (hMem=0x92fe20) returned 0x0 [0259.823] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0259.823] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0259.824] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\InstallAgent\\Checkpoints\\9WZDNCRFJ3Q2.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\installagent\\checkpoints\\9wzdncrfj3q2.dat")) returned 0x20 [0259.824] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35473000027) returned 1 [0259.824] GetCurrentThreadId () returned 0x1130 [0259.824] GetCurrentThreadId () returned 0x1130 [0259.824] GetCurrentThreadId () returned 0x1130 [0259.824] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="LFQ9$DV@flDO>MS};On=Ch_?XBKNZ\"`<}qq}f", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0263.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pGErce\"TCh_?XBKNZ\"`<}qq}f", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0263.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pGErce\"TCh_?XBKNZ\"`<}qq}f", cchWideChar=35, lpMultiByteStr=0x250f7e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pGErce\"TCh_?XBKNZ\"`<}qq}f", lpUsedDefaultChar=0x0) returned 35 [0263.469] GetCurrentThreadId () returned 0x1130 [0263.469] GetCurrentThreadId () returned 0x1130 [0263.469] GetCurrentThreadId () returned 0x1130 [0263.469] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.469] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.470] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] malloc (_Size=0x64) returned 0x1d1338 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] GetCurrentThreadId () returned 0x1130 [0263.471] free (_Block=0x1d1338) [0263.471] malloc (_Size=0x60) returned 0x1d1338 [0263.471] free (_Block=0x1d1338) [0263.471] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.471] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x117 [0263.471] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x117 [0263.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.472] ReadFile (in: hFile=0x404, lpBuffer=0x24a0678, nNumberOfBytesToRead=0x117, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24a0678*, lpNumberOfBytesRead=0x19fbc8*=0x117, lpOverlapped=0x0) returned 1 [0263.473] malloc (_Size=0x8c) returned 0x1d1338 [0263.473] malloc (_Size=0xfc) returned 0x31d71b0 [0263.473] malloc (_Size=0x40) returned 0x1d14e8 [0263.473] GetCurrentThreadId () returned 0x1130 [0263.473] GetCurrentThreadId () returned 0x1130 [0263.473] GetCurrentThreadId () returned 0x1130 [0263.473] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.474] malloc (_Size=0x40) returned 0x1d7470 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] GetCurrentThreadId () returned 0x1130 [0263.474] malloc (_Size=0xc) returned 0x31e1dc0 [0263.475] malloc (_Size=0x20c) returned 0x31e4b18 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] free (_Block=0x31e40b0) [0263.475] free (_Block=0x1d14e8) [0263.475] GetCurrentThreadId () returned 0x1130 [0263.475] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] GetCurrentThreadId () returned 0x1130 [0263.476] free (_Block=0x31e4b18) [0263.476] free (_Block=0x31e1dc0) [0263.476] free (_Block=0x1d7470) [0263.476] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362f8*, nNumberOfBytesToWrite=0x19f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesWritten=0x19fbbc*=0x19f, lpOverlapped=0x0) returned 1 [0263.477] free (_Block=0x31d71b0) [0263.477] free (_Block=0x1d1338) [0263.477] CloseHandle (hObject=0x2b4) returned 1 [0263.477] CloseHandle (hObject=0x404) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.477] SetLastError (dwErrCode=0x0) [0263.477] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", lpFilePart=0x19f9f8*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat") returned 0x7e [0263.477] GetLastError () returned 0x0 [0263.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.478] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.478] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.478] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otele.dat")) returned 1 [0263.479] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x1b3)) [0263.479] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.480] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.480] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.480] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.480] CloseHandle (hObject=0x404) returned 1 [0263.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat]omgp:[pGErce\"TCh_?XBKNZ\"`<}qq}f]", cchWideChar=122, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 122 [0263.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat]omgp:[pGErce\"TCh_?XBKNZ\"`<}qq}f]", cchWideChar=122, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 122 [0263.481] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat]omgp:[pGErce\"TCh_?XBKNZ\"`<}qq}f]", cchWideChar=122, lpMultiByteStr=0x24d56f8, cbMultiByte=122, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat]omgp:[pGErce\"TCh_?XBKNZ\"`<}qq}f]", lpUsedDefaultChar=0x0) returned 122 [0263.547] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0263.547] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x39b6aac, cchWideChar=344 | out: lpWideCharStr="9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw==") returned 344 [0263.547] GetCurrentThreadId () returned 0x1130 [0263.547] GetCurrentThreadId () returned 0x1130 [0263.547] GetCurrentThreadId () returned 0x1130 [0263.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.547] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.548] SetLastError (dwErrCode=0x0) [0263.548] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320") returned 0x80 [0263.548] GetLastError () returned 0x0 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.548] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.548] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].wannacash ncov v310320")) returned 0x20 [0263.548] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [745].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.549] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0263.549] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.549] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x19f [0263.549] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.549] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0263.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.549] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.549] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf1fc, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3") returned 369 [0263.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.549] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3") returned 369 [0263.550] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x19f [0263.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.550] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:9nGrIZ+XcSeNeTpy87K6Kd+Yre8ca1yAuyoJx7ZzwbzvIyiP2J6izWcAqMmE/8dov5cl9lLHMn9wKMuQYPmglxMC9Rn4R0/QDoLat8qFyiQDJ7uGEgOEzELn+DwrTaDaiHJGuO44dQt0SQLKerqd2PUgpkdp5J57cVcOKqJKaIrytaPkM2Cx5OiCwFakGgxxComm5QK3eY94cudYgzfcfKAva8fc27YSLVNQ7P6l/n3AsXR1nLMRLfxrmBxiS0f9KdJVdj4DoxgeZPbA8Rg6OhhKNxoOAbJDB9d/DUMIKpuHiDq332zCWzStQ/C2vSSxabZdMJ3Suv/CEjsH2Kt4Aw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.550] WriteFile (in: hFile=0x404, lpBuffer=0x248e5b8*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e5b8*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0263.566] CloseHandle (hObject=0x404) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.566] SetLastError (dwErrCode=0x0) [0263.566] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", lpFilePart=0x19fa34*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat") returned 0x7e [0263.566] GetLastError () returned 0x0 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.566] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.566] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.567] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otele.dat")) returned 0 [0263.567] GetLastError () returned 0x2 [0263.567] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otele.dat")) returned 0xffffffff [0263.567] SetLastError (dwErrCode=0x2) [0263.567] GetLastError () returned 0x2 [0263.567] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0263.567] LocalFree (hMem=0x92fe20) returned 0x0 [0263.567] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0263.568] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0263.568] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otelemediumcost.dat")) returned 0x20 [0263.569] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35847492383) returned 1 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0263.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0263.569] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n", cchWideChar=34, lpMultiByteStr=0x250f7e8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n", lpUsedDefaultChar=0x0) returned 34 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] GetCurrentThreadId () returned 0x1130 [0263.569] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otelemediumcost.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.569] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.570] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] malloc (_Size=0x64) returned 0x1d1338 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] GetCurrentThreadId () returned 0x1130 [0263.571] free (_Block=0x1d1338) [0263.571] malloc (_Size=0x60) returned 0x1d1338 [0263.571] free (_Block=0x1d1338) [0263.571] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.571] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1f9 [0263.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1f9 [0263.572] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.572] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1f9, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1f9, lpOverlapped=0x0) returned 1 [0263.585] malloc (_Size=0x8c) returned 0x1d1338 [0263.585] malloc (_Size=0xfc) returned 0x31d7d08 [0263.585] malloc (_Size=0x40) returned 0x1d14e8 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.585] malloc (_Size=0x40) returned 0x1d7470 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.585] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] malloc (_Size=0xc) returned 0x31e1e98 [0263.586] malloc (_Size=0x3bc) returned 0x31e4b18 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] GetCurrentThreadId () returned 0x1130 [0263.586] free (_Block=0x31e40b0) [0263.586] free (_Block=0x1d14e8) [0263.586] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] GetCurrentThreadId () returned 0x1130 [0263.587] free (_Block=0x31e4b18) [0263.587] free (_Block=0x31e1e98) [0263.587] free (_Block=0x1d7470) [0263.587] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b67c8*, nNumberOfBytesToWrite=0x2cb, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesWritten=0x19fbbc*=0x2cb, lpOverlapped=0x0) returned 1 [0263.588] free (_Block=0x31d7d08) [0263.588] free (_Block=0x1d1338) [0263.588] CloseHandle (hObject=0x2b4) returned 1 [0263.589] CloseHandle (hObject=0x404) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.589] SetLastError (dwErrCode=0x0) [0263.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", lpFilePart=0x19f9f8*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat") returned 0x88 [0263.589] GetLastError () returned 0x0 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.589] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.589] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otelemediumcost.dat")) returned 1 [0263.591] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x230)) [0263.591] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.591] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.591] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.591] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.591] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.591] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.591] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.591] CloseHandle (hObject=0x404) returned 1 [0263.591] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat]omgp:[Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n]", cchWideChar=131, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 131 [0263.591] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat]omgp:[Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n]", cchWideChar=131, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 131 [0263.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat]omgp:[Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n]", cchWideChar=131, lpMultiByteStr=0x24aa398, cbMultiByte=131, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat]omgp:[Mm;THU6!V-NB8z:`z+<`T,vkWMW3_RL68n]", lpUsedDefaultChar=0x0) returned 131 [0263.604] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0263.604] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x39b67cc, cchWideChar=344 | out: lpWideCharStr="pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw==") returned 344 [0263.604] GetCurrentThreadId () returned 0x1130 [0263.604] GetCurrentThreadId () returned 0x1130 [0263.604] GetCurrentThreadId () returned 0x1130 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.604] SetLastError (dwErrCode=0x0) [0263.604] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320") returned 0x80 [0263.615] GetLastError () returned 0x0 [0263.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.615] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.616] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.616] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.616] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].wannacash ncov v310320")) returned 0x20 [0263.616] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [746].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.616] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0263.616] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.616] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2cb [0263.616] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.616] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0263.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.617] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.617] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf51c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3") returned 369 [0263.617] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.617] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3") returned 369 [0263.617] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2cb [0263.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.617] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:pMxqV2clHs19RlBcqc0yI81n4nsm8hxun+HyI9RpL//cremhUTftPwuACwwUJ5XbUolfKI6HG5iE8xyQ3JfuUKaRVPWIRZR7assYvugyVqpFZZIB5fEvxT6KX8IICne312drS20y13Y31DSqb5l6KX0kq01pUAGUw0BNmVlhgEjgBDfxGXMICwPDPGPdfvPU+o/smgxUzt896LnAlg4wJj41eKIE/hRrbr0ZHERhZYEND1MUqx8fJ1h0eQV4YiPH0jrzmJe8FfWKBtOkzGfoAQf8zGzg/IRGvHNT5E/dK9ASZURnVFAF/o7HkeXqSnt5/VhVy1xneUQe6V7mkhU9iw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.617] WriteFile (in: hFile=0x404, lpBuffer=0x248e438*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e438*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0263.617] CloseHandle (hObject=0x404) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.617] SetLastError (dwErrCode=0x0) [0263.617] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", lpFilePart=0x19fa34*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat") returned 0x88 [0263.618] GetLastError () returned 0x0 [0263.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0263.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0263.618] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.618] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otelemediumcost.dat")) returned 0 [0263.618] GetLastError () returned 0x2 [0263.618] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (1) - 3576 - excel.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (1) - 3576 - excel.exe - otelemediumcost.dat")) returned 0xffffffff [0263.618] SetLastError (dwErrCode=0x2) [0263.618] GetLastError () returned 0x2 [0263.618] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0263.618] LocalFree (hMem=0x92fe20) returned 0x0 [0263.618] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0263.618] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0263.619] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (2) - 3576 - excel.exe - otele.dat")) returned 0x20 [0263.619] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35852486108) returned 1 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g%hwR{.$.Q\\hbdbH*zYZi\\)9*b", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0263.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g%hwR{.$.Q\\hbdbH*zYZi\\)9*b", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0263.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="g%hwR{.$.Q\\hbdbH*zYZi\\)9*b", cchWideChar=26, lpMultiByteStr=0x2508f38, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="g%hwR{.$.Q\\hbdbH*zYZi\\)9*b", lpUsedDefaultChar=0x0) returned 26 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] GetCurrentThreadId () returned 0x1130 [0263.619] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (2) - 3576 - excel.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.619] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.622] GetCurrentThreadId () returned 0x1130 [0263.622] GetCurrentThreadId () returned 0x1130 [0263.622] GetCurrentThreadId () returned 0x1130 [0263.622] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] malloc (_Size=0x64) returned 0x1d1338 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] GetCurrentThreadId () returned 0x1130 [0263.623] free (_Block=0x1d1338) [0263.623] malloc (_Size=0x60) returned 0x1d1338 [0263.623] free (_Block=0x1d1338) [0263.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x116 [0263.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x116 [0263.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.624] ReadFile (in: hFile=0x404, lpBuffer=0x24a0678, nNumberOfBytesToRead=0x116, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24a0678*, lpNumberOfBytesRead=0x19fbc8*=0x116, lpOverlapped=0x0) returned 1 [0263.625] malloc (_Size=0x8c) returned 0x1d1338 [0263.625] malloc (_Size=0xfc) returned 0x31d7e10 [0263.625] malloc (_Size=0x40) returned 0x1d14e8 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.625] malloc (_Size=0x40) returned 0x1d7470 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.625] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] malloc (_Size=0xc) returned 0x31e1dc0 [0263.626] malloc (_Size=0x20c) returned 0x31e4b18 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] free (_Block=0x31e40b0) [0263.626] free (_Block=0x1d14e8) [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.626] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] GetCurrentThreadId () returned 0x1130 [0263.627] free (_Block=0x31e4b18) [0263.627] free (_Block=0x31e1dc0) [0263.627] free (_Block=0x1d7470) [0263.627] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362f8*, nNumberOfBytesToWrite=0x19f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesWritten=0x19fbbc*=0x19f, lpOverlapped=0x0) returned 1 [0263.628] free (_Block=0x31d7e10) [0263.628] free (_Block=0x1d1338) [0263.628] CloseHandle (hObject=0x2b4) returned 1 [0263.628] CloseHandle (hObject=0x404) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.629] SetLastError (dwErrCode=0x0) [0263.629] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", lpFilePart=0x19f9f8*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat") returned 0x7e [0263.629] GetLastError () returned 0x0 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.629] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.629] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.629] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (2) - 3576 - excel.exe - otele.dat")) returned 1 [0263.631] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x24f)) [0263.631] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.631] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.631] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.632] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.632] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.632] CloseHandle (hObject=0x404) returned 1 [0263.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat]omgp:[g%hwR{.$.Q\\hbdbH*zYZi\\)9*b]", cchWideChar=113, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 113 [0263.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat]omgp:[g%hwR{.$.Q\\hbdbH*zYZi\\)9*b]", cchWideChar=113, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 113 [0263.632] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat]omgp:[g%hwR{.$.Q\\hbdbH*zYZi\\)9*b]", cchWideChar=113, lpMultiByteStr=0x24dce48, cbMultiByte=113, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat]omgp:[g%hwR{.$.Q\\hbdbH*zYZi\\)9*b]", lpUsedDefaultChar=0x0) returned 113 [0263.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0263.639] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM=") returned 172 [0263.639] GetCurrentThreadId () returned 0x1130 [0263.639] GetCurrentThreadId () returned 0x1130 [0263.639] GetCurrentThreadId () returned 0x1130 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.639] SetLastError (dwErrCode=0x0) [0263.639] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320") returned 0x80 [0263.639] GetLastError () returned 0x0 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.639] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.639] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].wannacash ncov v310320")) returned 0x20 [0263.639] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [747].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0263.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x19f [0263.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.640] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0263.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0263.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3") returned 197 [0263.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0263.640] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3") returned 197 [0263.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x19f [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0263.640] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1Pcj31hf+uAJwdQGKZuIh3UhyAS1DwkHtoMIM4kgdGw+uU26kBw8OvX5erSqBzQBM1Dd5qg78xzd3+/eHUWUw+xKLr60ZzhWbZDpU+ZHffLOjbfXPtyWu6C/v/8RsY/r5Y9w3RlegfYj4URThzfybHw2s3/jljrqslojE0SxDIM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0263.640] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0263.641] CloseHandle (hObject=0x404) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.641] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.641] SetLastError (dwErrCode=0x0) [0263.642] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", lpFilePart=0x19fa34*="{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat") returned 0x7e [0263.642] GetLastError () returned 0x0 [0263.642] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.642] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.642] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=8) returned 1 [0263.642] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat", cchCount2=4) returned 1 [0263.642] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.642] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (2) - 3576 - excel.exe - otele.dat")) returned 0 [0263.642] GetLastError () returned 0x2 [0263.642] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{4DD62F26-1A3F-4275-8844-50DDEBF25FB7} (2) - 3576 - excel.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{4dd62f26-1a3f-4275-8844-50ddebf25fb7} (2) - 3576 - excel.exe - otele.dat")) returned 0xffffffff [0263.642] SetLastError (dwErrCode=0x2) [0263.642] GetLastError () returned 0x2 [0263.642] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0263.642] LocalFree (hMem=0x92fe20) returned 0x0 [0263.642] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0263.642] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0263.643] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{61f167a5-718e-4e8b-8d6b-141da9eb9dc9} (0) - 3976 - visio.exe - otele.dat")) returned 0x20 [0263.643] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35854893063) returned 1 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0263.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0263.643] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq", cchWideChar=33, lpMultiByteStr=0x250f7e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq", lpUsedDefaultChar=0x0) returned 33 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] GetCurrentThreadId () returned 0x1130 [0263.643] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{61f167a5-718e-4e8b-8d6b-141da9eb9dc9} (0) - 3976 - visio.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.643] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] malloc (_Size=0x64) returned 0x1d1338 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.644] GetCurrentThreadId () returned 0x1130 [0263.645] GetCurrentThreadId () returned 0x1130 [0263.645] free (_Block=0x1d1338) [0263.645] malloc (_Size=0x60) returned 0x1d1338 [0263.645] free (_Block=0x1d1338) [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x581 [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x581 [0263.645] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.645] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x581, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x581, lpOverlapped=0x0) returned 1 [0263.647] malloc (_Size=0x8c) returned 0x1d1338 [0263.647] malloc (_Size=0xfc) returned 0x31d7d08 [0263.647] malloc (_Size=0x40) returned 0x1d14e8 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.647] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.648] malloc (_Size=0x40) returned 0x1d7470 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] GetCurrentThreadId () returned 0x1130 [0263.648] malloc (_Size=0xc) returned 0x31e1dc0 [0263.648] malloc (_Size=0x720) returned 0x31d2860 [0263.649] malloc (_Size=0xa2c) returned 0x1d9aa8 [0263.649] free (_Block=0x31d2860) [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] free (_Block=0x31e40b0) [0263.649] free (_Block=0x1d14e8) [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.649] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] GetCurrentThreadId () returned 0x1130 [0263.650] free (_Block=0x1d9aa8) [0263.651] free (_Block=0x31e1dc0) [0263.651] free (_Block=0x1d7470) [0263.651] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x79e, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x79e, lpOverlapped=0x0) returned 1 [0263.669] free (_Block=0x31d7d08) [0263.669] free (_Block=0x1d1338) [0263.669] CloseHandle (hObject=0x2b4) returned 1 [0263.669] CloseHandle (hObject=0x404) returned 1 [0263.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.669] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.670] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.670] SetLastError (dwErrCode=0x0) [0263.670] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", lpFilePart=0x19f9f8*="{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat") returned 0x7e [0263.670] GetLastError () returned 0x0 [0263.670] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.670] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.670] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.670] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.670] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.670] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{61f167a5-718e-4e8b-8d6b-141da9eb9dc9} (0) - 3976 - visio.exe - otele.dat")) returned 1 [0263.671] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x27e)) [0263.671] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.671] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.671] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.672] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.672] CloseHandle (hObject=0x404) returned 1 [0263.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat]omgp:[ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq]", cchWideChar=120, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 120 [0263.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat]omgp:[ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq]", cchWideChar=120, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 120 [0263.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat]omgp:[ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq]", cchWideChar=120, lpMultiByteStr=0x24d56f8, cbMultiByte=120, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat]omgp:[ya;35x9Sw@r*GV>k-I7^DZD.5w,%R!%Qq]f]", lpUsedDefaultChar=0x0) returned 120 [0263.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0263.685] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x39b67cc, cchWideChar=344 | out: lpWideCharStr="Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw==") returned 344 [0263.685] GetCurrentThreadId () returned 0x1130 [0263.685] GetCurrentThreadId () returned 0x1130 [0263.685] GetCurrentThreadId () returned 0x1130 [0263.685] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.685] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.686] SetLastError (dwErrCode=0x0) [0263.686] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320") returned 0x80 [0263.686] GetLastError () returned 0x0 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.686] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.686] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].wannacash ncov v310320")) returned 0x20 [0263.686] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [748].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0263.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x79e [0263.687] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.687] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf51c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3") returned 369 [0263.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.687] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3") returned 369 [0263.687] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x79e [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.687] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Cs1n3rqoMWWgemBoBbpCZZVBLWeNbvuXhStugp9dNyECKWcBCZ3YTjAM+9FQ4qR0+c6c9iLkkpZwO1gwb4KXzdITBdXRodxfHZl1sLbXHYaXr3oWAJJgEjieATsjoWj9xPE2mWQCrVGOrXWI9KObqoNsGx0LHjYVV22FWcIOADoHq6T1SkDnzgANNxeuem14d6ZSrgTVXYK0l8AqjoFlMRHMK9T/f0IgI89/15pXjx/ldlj2hX6h/E4z6xFZCV8Owjpu0gj0OSKSvDpYsH8WPagk/fl91iF4sYI8R24JBhw5RUgottKqcWGSBPgfVUpLGua2pVtBeTMPBYwmngaXAw== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.687] WriteFile (in: hFile=0x404, lpBuffer=0x248e2b8*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e2b8*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0263.688] CloseHandle (hObject=0x404) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.688] SetLastError (dwErrCode=0x0) [0263.688] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", lpFilePart=0x19fa34*="{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat") returned 0x7e [0263.688] GetLastError () returned 0x0 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=8) returned 1 [0263.688] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat", cchCount2=4) returned 1 [0263.688] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.688] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{61f167a5-718e-4e8b-8d6b-141da9eb9dc9} (0) - 3976 - visio.exe - otele.dat")) returned 0 [0263.688] GetLastError () returned 0x2 [0263.688] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{61F167A5-718E-4E8B-8D6B-141DA9EB9DC9} (0) - 3976 - visio.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{61f167a5-718e-4e8b-8d6b-141da9eb9dc9} (0) - 3976 - visio.exe - otele.dat")) returned 0xffffffff [0263.689] SetLastError (dwErrCode=0x2) [0263.689] GetLastError () returned 0x2 [0263.689] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0263.689] LocalFree (hMem=0x92fe20) returned 0x0 [0263.689] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0263.689] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0263.689] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otele.dat")) returned 0x20 [0263.690] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35859638475) returned 1 [0263.690] GetCurrentThreadId () returned 0x1130 [0263.690] GetCurrentThreadId () returned 0x1130 [0263.690] GetCurrentThreadId () returned 0x1130 [0263.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0263.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0263.690] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w", lpUsedDefaultChar=0x0) returned 38 [0263.691] GetCurrentThreadId () returned 0x1130 [0263.691] GetCurrentThreadId () returned 0x1130 [0263.691] GetCurrentThreadId () returned 0x1130 [0263.691] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.691] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.692] GetCurrentThreadId () returned 0x1130 [0263.693] malloc (_Size=0x64) returned 0x1d1338 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] GetCurrentThreadId () returned 0x1130 [0263.693] free (_Block=0x1d1338) [0263.693] malloc (_Size=0x60) returned 0x1d1338 [0263.693] free (_Block=0x1d1338) [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11b [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11b [0263.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.694] ReadFile (in: hFile=0x404, lpBuffer=0x24a0678, nNumberOfBytesToRead=0x11b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24a0678*, lpNumberOfBytesRead=0x19fbc8*=0x11b, lpOverlapped=0x0) returned 1 [0263.695] malloc (_Size=0x8c) returned 0x1d1338 [0263.695] malloc (_Size=0xfc) returned 0x31d7f18 [0263.695] malloc (_Size=0x40) returned 0x1d14e8 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.695] malloc (_Size=0x40) returned 0x1d7470 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.695] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] malloc (_Size=0xc) returned 0x31e1ca0 [0263.696] malloc (_Size=0x20c) returned 0x31e4b18 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] free (_Block=0x31e40b0) [0263.696] free (_Block=0x1d14e8) [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.696] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] GetCurrentThreadId () returned 0x1130 [0263.697] free (_Block=0x31e4b18) [0263.697] free (_Block=0x31e1ca0) [0263.697] free (_Block=0x1d7470) [0263.697] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362f8*, nNumberOfBytesToWrite=0x19f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesWritten=0x19fbbc*=0x19f, lpOverlapped=0x0) returned 1 [0263.698] free (_Block=0x31d7f18) [0263.698] free (_Block=0x1d1338) [0263.698] CloseHandle (hObject=0x2b4) returned 1 [0263.699] CloseHandle (hObject=0x404) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.699] SetLastError (dwErrCode=0x0) [0263.699] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", lpFilePart=0x19f9f8*="{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat") returned 0x80 [0263.699] GetLastError () returned 0x0 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.699] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.699] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.699] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otele.dat")) returned 1 [0263.701] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x29d)) [0263.701] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.701] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.701] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.701] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.701] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.701] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.701] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.701] CloseHandle (hObject=0x404) returned 1 [0263.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat]omgp:[PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w]", cchWideChar=127, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 127 [0263.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat]omgp:[PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w]", cchWideChar=127, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 127 [0263.701] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat]omgp:[PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w]", cchWideChar=127, lpMultiByteStr=0x24aa398, cbMultiByte=127, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat]omgp:[PEdfGl8(X&S.T>s.~QYw`+;G5Kd;v,6d-;Bc+w]", lpUsedDefaultChar=0x0) returned 127 [0263.714] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0263.714] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x39b6aac, cchWideChar=344 | out: lpWideCharStr="2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA==") returned 344 [0263.714] GetCurrentThreadId () returned 0x1130 [0263.714] GetCurrentThreadId () returned 0x1130 [0263.714] GetCurrentThreadId () returned 0x1130 [0263.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.774] SetLastError (dwErrCode=0x0) [0263.774] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320") returned 0x80 [0263.774] GetLastError () returned 0x0 [0263.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0263.774] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0263.774] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.774] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].wannacash ncov v310320")) returned 0x20 [0263.774] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [749].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0263.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x19f [0263.774] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0263.775] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.775] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.775] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf1fc, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3") returned 369 [0263.775] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0263.775] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3") returned 369 [0263.775] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x19f [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0263.775] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2y/VEJWXKPkv2Luzd3w8foFXvmISwt2MhAMI9Gh+10si7ChrZM9BhGNUVw5YJ6NiygKtkk2rc3vfmA0iD94PV76oH6K2fN07w8RB0N30Rhk9t7uD5ApW9DyJ6/a8WhArUhjtj3uWZk82DyohSGrdjyaqUpZJNrodwQ3qaR5x2nLx9J1dSMbYZ46DYj1Kn+TYLXcJICYPaIfqyjiFUIm22vchVKfsKCG4IlU0g/bNUoNDyDmymnYPzQjcJy0TajJSSmf9ihYqaac0pgTL/cYVDN3Znq6oUhXGcocrVsPeUIfXxv2LC9PD9fV1MCOud4kTzrkX/6W9E1OfIZ5gzyzgCA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0263.775] WriteFile (in: hFile=0x404, lpBuffer=0x248e438*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e438*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0263.776] CloseHandle (hObject=0x404) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.777] SetLastError (dwErrCode=0x0) [0263.777] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", lpFilePart=0x19fa34*="{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat") returned 0x80 [0263.777] GetLastError () returned 0x0 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=8) returned 1 [0263.777] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat", cchCount2=4) returned 1 [0263.777] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.777] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otele.dat")) returned 0 [0263.777] GetLastError () returned 0x2 [0263.777] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otele.dat")) returned 0xffffffff [0263.777] SetLastError (dwErrCode=0x2) [0263.777] GetLastError () returned 0x2 [0263.777] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0263.778] LocalFree (hMem=0x92fe20) returned 0x0 [0263.778] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0263.778] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0263.778] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{9C5E7D9B-2A2B-4118-AE33-9030D7BCCAB1} (0) - 2228 - winproj.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{9c5e7d9b-2a2b-4118-ae33-9030d7bccab1} (0) - 2228 - winproj.exe - otelemediumcost.dat")) returned 0x20 [0263.779] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35868479238) returned 1 [0263.779] GetCurrentThreadId () returned 0x1130 [0263.779] GetCurrentThreadId () returned 0x1130 [0263.779] GetCurrentThreadId () returned 0x1130 [0263.779] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vuohcui@nQ{b@J;_T,$n1o(h*Bb:pvz%8|P#$D-.Fu", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0263.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0263.982] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=":d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu", lpUsedDefaultChar=0x0) returned 46 [0263.982] GetCurrentThreadId () returned 0x1130 [0263.983] GetCurrentThreadId () returned 0x1130 [0263.983] GetCurrentThreadId () returned 0x1130 [0263.983] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.983] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0263.983] GetCurrentThreadId () returned 0x1130 [0263.983] GetCurrentThreadId () returned 0x1130 [0263.983] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] malloc (_Size=0x64) returned 0x1d1338 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] GetCurrentThreadId () returned 0x1130 [0263.984] free (_Block=0x1d1338) [0263.984] malloc (_Size=0x60) returned 0x1d1338 [0263.984] free (_Block=0x1d1338) [0263.984] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.985] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x80 [0263.985] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.985] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.985] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x80 [0263.985] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0263.985] ReadFile (in: hFile=0x404, lpBuffer=0x24aa398, nNumberOfBytesToRead=0x80, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24aa398*, lpNumberOfBytesRead=0x19fbc8*=0x80, lpOverlapped=0x0) returned 1 [0263.986] malloc (_Size=0x8c) returned 0x1d1338 [0263.986] malloc (_Size=0xfc) returned 0x31d71b0 [0263.986] malloc (_Size=0x40) returned 0x1d14e8 [0263.986] GetCurrentThreadId () returned 0x1130 [0263.986] GetCurrentThreadId () returned 0x1130 [0263.986] GetCurrentThreadId () returned 0x1130 [0263.986] GetCurrentThreadId () returned 0x1130 [0263.986] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] malloc (_Size=0xa5c) returned 0x31e40b0 [0263.987] malloc (_Size=0x40) returned 0x1d7470 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] malloc (_Size=0xc) returned 0x31e1ef8 [0263.987] malloc (_Size=0x108) returned 0x1d74b8 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.987] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] free (_Block=0x31e40b0) [0263.988] free (_Block=0x1d14e8) [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.988] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] GetCurrentThreadId () returned 0x1130 [0263.989] free (_Block=0x1d74b8) [0263.989] free (_Block=0x31e1ef8) [0263.989] free (_Block=0x1d7470) [0263.989] WriteFile (in: hFile=0x2b4, lpBuffer=0x24b5e68*, nNumberOfBytesToWrite=0xdc, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24b5e68*, lpNumberOfBytesWritten=0x19fbbc*=0xdc, lpOverlapped=0x0) returned 1 [0263.990] free (_Block=0x31d71b0) [0263.990] free (_Block=0x1d1338) [0263.990] CloseHandle (hObject=0x2b4) returned 1 [0263.990] CloseHandle (hObject=0x404) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0263.991] SetLastError (dwErrCode=0x0) [0263.991] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19f9f8*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0263.991] GetLastError () returned 0x0 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0263.991] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0263.991] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0263.991] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otele.dat")) returned 1 [0263.993] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x27, wMilliseconds=0x3b6)) [0263.993] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0263.993] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0263.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0263.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0263.993] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0263.993] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0263.993] CloseHandle (hObject=0x404) returned 1 [0263.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat]omgp:[:d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu]", cchWideChar=135, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 135 [0263.993] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat]omgp:[:d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu]", cchWideChar=135, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 135 [0263.994] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat]omgp:[:d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu]", cchWideChar=135, lpMultiByteStr=0x2445668, cbMultiByte=135, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat]omgp:[:d1fp*\"v35jklg#U2c4=yW>n1o(h*Bb:pvz%8|P#$D-.Fu]", lpUsedDefaultChar=0x0) returned 135 [0264.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0264.107] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x39b6aac, cchWideChar=344 | out: lpWideCharStr="c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA==") returned 344 [0264.107] GetCurrentThreadId () returned 0x1130 [0264.107] GetCurrentThreadId () returned 0x1130 [0264.107] GetCurrentThreadId () returned 0x1130 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.107] SetLastError (dwErrCode=0x0) [0264.107] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320") returned 0x80 [0264.108] GetLastError () returned 0x0 [0264.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.108] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.108] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.108] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].wannacash ncov v310320")) returned 0x20 [0264.108] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [753].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xdc [0264.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.109] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf1fc, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3") returned 369 [0264.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3") returned 369 [0264.109] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xdc [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.109] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:c1327VQNoNUTgP34g/uuqvKY5PJPyi6sgnfedSzzcW7H6aXYMlF3f0ETJqqct98f4JXif7RIOdei8mi0UpLP1kaz9OEfSyCauG90FaccMZEkO7FlikjiveUIWUq+N0pPIBhhyiXM2Rr3VRjdU9zil+Jmm/4dluYVuudKuyzhInDLkfWj6PA48N8UguSNpqCdSIufGiSz8VVYMp8GRuHWTQzaRS89mPw5DW+R5zry73bHL2o71lJWHOftEBBWSVhBNTxkP1a78/UxNquErK0PrTvldsDYi6yTADkM2RCNRTOqHQVI/vZe7DmZ/HNrY5PMfrXDrHErZmTcIJWLnGBiXA== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.109] WriteFile (in: hFile=0x404, lpBuffer=0x248e5b8*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e5b8*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0264.111] CloseHandle (hObject=0x404) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.111] SetLastError (dwErrCode=0x0) [0264.111] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19fa34*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0264.111] GetLastError () returned 0x0 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.111] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.111] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.111] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otele.dat")) returned 0 [0264.112] GetLastError () returned 0x2 [0264.112] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otele.dat")) returned 0xffffffff [0264.112] SetLastError (dwErrCode=0x2) [0264.112] GetLastError () returned 0x2 [0264.112] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.112] LocalFree (hMem=0x92fe20) returned 0x0 [0264.112] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.112] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.112] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0x20 [0264.113] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35901886039) returned 1 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0264.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0264.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl", cchWideChar=41, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl", lpUsedDefaultChar=0x0) returned 41 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] GetCurrentThreadId () returned 0x1130 [0264.113] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otelemediumcost.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.113] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] GetCurrentThreadId () returned 0x1130 [0264.114] malloc (_Size=0x64) returned 0x1d1338 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] GetCurrentThreadId () returned 0x1130 [0264.115] free (_Block=0x1d1338) [0264.115] malloc (_Size=0x60) returned 0x1d1338 [0264.115] free (_Block=0x1d1338) [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27a [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27a [0264.115] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.116] ReadFile (in: hFile=0x404, lpBuffer=0x39c8828, nNumberOfBytesToRead=0x27a, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39c8828*, lpNumberOfBytesRead=0x19fbc8*=0x27a, lpOverlapped=0x0) returned 1 [0264.117] malloc (_Size=0x8c) returned 0x1d1338 [0264.117] malloc (_Size=0xfc) returned 0x31d75d0 [0264.117] malloc (_Size=0x40) returned 0x1d14e8 [0264.117] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.118] malloc (_Size=0x40) returned 0x1d7470 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] GetCurrentThreadId () returned 0x1130 [0264.118] malloc (_Size=0xc) returned 0x31e1dc0 [0264.119] malloc (_Size=0x468) returned 0x31e4b18 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] free (_Block=0x31e40b0) [0264.119] free (_Block=0x1d14e8) [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.119] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.120] GetCurrentThreadId () returned 0x1130 [0264.121] GetCurrentThreadId () returned 0x1130 [0264.121] GetCurrentThreadId () returned 0x1130 [0264.121] GetCurrentThreadId () returned 0x1130 [0264.121] free (_Block=0x31e4b18) [0264.121] free (_Block=0x31e1dc0) [0264.121] free (_Block=0x1d7470) [0264.121] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d0658*, nNumberOfBytesToWrite=0x37a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d0658*, lpNumberOfBytesWritten=0x19fbbc*=0x37a, lpOverlapped=0x0) returned 1 [0264.122] free (_Block=0x31d75d0) [0264.122] free (_Block=0x1d1338) [0264.122] CloseHandle (hObject=0x2b4) returned 1 [0264.122] CloseHandle (hObject=0x404) returned 1 [0264.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.123] SetLastError (dwErrCode=0x0) [0264.123] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", lpFilePart=0x19f9f8*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat") returned 0x8a [0264.123] GetLastError () returned 0x0 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.123] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.123] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.123] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otelemediumcost.dat")) returned 1 [0264.125] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x5b)) [0264.125] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.125] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.125] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.125] CloseHandle (hObject=0x404) returned 1 [0264.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl]", cchWideChar=140, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 140 [0264.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl]", cchWideChar=140, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 140 [0264.125] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl]", cchWideChar=140, lpMultiByteStr=0x2445668, cbMultiByte=140, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[CPv}Q+dILr(i6l8SiEh-:pt{e^eN.Kr\"H<3rc5/Hl]ÉUD\x02²ª\x90ÐUQ\x0b76ÿÎ\x10dÃ\x10\x93¹¤R\x0fµë×\x06·µkt\x95'ÒÀfíg\x95¦&³ª\x1dø÷VõCô:\x88ð$±5d\x06\x9ev\x0b\x9bþõ¤QïZGã¿G7z\x9fPùE@!bh\x13Ý!-u¢DlÍ+\x8c\x9ev4\x83¦nW\x90ûld\x0c«\x9eô,TþæB:ãµj\x18\x04\x05\x19Ô\x13P\x92\x1bä\x99\x82·k\x87U\x16\x0eô7he\x9cäk", lpUsedDefaultChar=0x0) returned 140 [0264.143] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0264.143] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x39b67cc, cchWideChar=344 | out: lpWideCharStr="x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ==") returned 344 [0264.144] GetCurrentThreadId () returned 0x1130 [0264.144] GetCurrentThreadId () returned 0x1130 [0264.144] GetCurrentThreadId () returned 0x1130 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.144] SetLastError (dwErrCode=0x0) [0264.144] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320") returned 0x80 [0264.144] GetLastError () returned 0x0 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.144] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.144] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.144] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].wannacash ncov v310320")) returned 0x20 [0264.145] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [754].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x37a [0264.145] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.145] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.145] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.145] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.145] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.145] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf51c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3") returned 369 [0264.145] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.145] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3") returned 369 [0264.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x37a [0264.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:x9UI2mXqP0S12f2pZQMvyCTIYJMcq8Q60n0l2rf3eY3k96Tycvx5MvvJ0Lf9+UyOADGtgLIcoM0bcDVE3DTKalNA/98RMPzD9kYbSuQqtzWXYlUKKYE5y0cKpVH2g4r+J3mxCNayPosWEiVfaxqBb0OnGklhqH23hbgyxc8EEjeRWMJokfmYrr4L30V6QX1lNyx0PfGTqxdfqErvFbRrkz0qZ5Ro4gPHacJzk0sGdNqOsqyKEVoL3AneDKIIosRhBGOUNpnrmr8Oc+a/r7ObqFlJqixa2JU6SGEUl5WE1joCVQGCWSdgv11ggx+uRAhOHXB9uWjMKAH8zf92f8x4ZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.146] WriteFile (in: hFile=0x404, lpBuffer=0x248e438*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e438*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0264.146] CloseHandle (hObject=0x404) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.146] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.146] SetLastError (dwErrCode=0x0) [0264.147] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", lpFilePart=0x19fa34*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat") returned 0x8a [0264.147] GetLastError () returned 0x0 [0264.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.147] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.147] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0 [0264.147] GetLastError () returned 0x2 [0264.147] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (0) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (0) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0xffffffff [0264.147] SetLastError (dwErrCode=0x2) [0264.147] GetLastError () returned 0x2 [0264.147] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.147] LocalFree (hMem=0x92fe20) returned 0x0 [0264.147] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.148] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.148] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otele.dat")) returned 0x20 [0264.148] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35905429978) returned 1 [0264.148] GetCurrentThreadId () returned 0x1130 [0264.148] GetCurrentThreadId () returned 0x1130 [0264.148] GetCurrentThreadId () returned 0x1130 [0264.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0264.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0264.148] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!", cchWideChar=28, lpMultiByteStr=0x250f7e8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*9=42?z#k/6wxjâ\x84\x96\\w>7x:Bo%Ykn!", lpUsedDefaultChar=0x0) returned 30 [0264.148] GetCurrentThreadId () returned 0x1130 [0264.148] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.149] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.149] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] malloc (_Size=0x64) returned 0x1d1338 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] GetCurrentThreadId () returned 0x1130 [0264.150] free (_Block=0x1d1338) [0264.150] malloc (_Size=0x60) returned 0x1d1338 [0264.150] free (_Block=0x1d1338) [0264.150] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.150] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11b [0264.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11b [0264.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.151] ReadFile (in: hFile=0x404, lpBuffer=0x24a07a8, nNumberOfBytesToRead=0x11b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24a07a8*, lpNumberOfBytesRead=0x19fbc8*=0x11b, lpOverlapped=0x0) returned 1 [0264.185] malloc (_Size=0x8c) returned 0x1d1338 [0264.185] malloc (_Size=0xfc) returned 0x31d71b0 [0264.185] malloc (_Size=0x40) returned 0x1d14e8 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.185] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.186] malloc (_Size=0x40) returned 0x1d7470 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] malloc (_Size=0xc) returned 0x31e1e50 [0264.186] malloc (_Size=0x20c) returned 0x31e4b18 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.186] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] free (_Block=0x31e40b0) [0264.187] free (_Block=0x1d14e8) [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.187] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] GetCurrentThreadId () returned 0x1130 [0264.188] free (_Block=0x31e4b18) [0264.188] free (_Block=0x31e1e50) [0264.188] free (_Block=0x1d7470) [0264.188] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362f8*, nNumberOfBytesToWrite=0x19f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesWritten=0x19fbbc*=0x19f, lpOverlapped=0x0) returned 1 [0264.189] free (_Block=0x31d71b0) [0264.190] free (_Block=0x1d1338) [0264.190] CloseHandle (hObject=0x2b4) returned 1 [0264.190] CloseHandle (hObject=0x404) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.190] SetLastError (dwErrCode=0x0) [0264.190] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19f9f8*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0264.190] GetLastError () returned 0x0 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.190] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.191] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otele.dat")) returned 1 [0264.192] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x99)) [0264.192] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.192] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.193] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.193] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.193] CloseHandle (hObject=0x404) returned 1 [0264.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat]omgp:[*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!]", cchWideChar=117, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 117 [0264.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat]omgp:[*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!]", cchWideChar=117, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 117 [0264.193] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat]omgp:[*9=42?z#k/6wxj№\\w>7x:Bo%Ykn!]", cchWideChar=117, lpMultiByteStr=0x24d56f8, cbMultiByte=117, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat]omgp:[*9=42?z#k/6wxj?\\w>7x:Bo%Ykn!]Ìxef]", lpUsedDefaultChar=0x0) returned 117 [0264.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.203] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA=") returned 172 [0264.203] GetCurrentThreadId () returned 0x1130 [0264.203] GetCurrentThreadId () returned 0x1130 [0264.203] GetCurrentThreadId () returned 0x1130 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.203] SetLastError (dwErrCode=0x0) [0264.203] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320") returned 0x80 [0264.203] GetLastError () returned 0x0 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.203] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.204] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].wannacash ncov v310320")) returned 0x20 [0264.204] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [755].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x19f [0264.204] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.204] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.204] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.205] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3") returned 197 [0264.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.205] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3") returned 197 [0264.205] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x19f [0264.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.205] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rYXQn/pu48Bt6+eyL7SN+j4xkL6yP4eWMc7VsIOhe3FAbE2oPhsjXsPlsIftpjkbTz5I+AflaXkHXfi+uu7nhn3y4DllXDQfGndYHLBrVRKrs/UWSgEN8Yj6P9WfgtNwyouJZcXtYm3ylrw1+D4xJWQ8Ny0kXboDEMK0LU4VhyA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.205] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.206] CloseHandle (hObject=0x404) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.206] SetLastError (dwErrCode=0x0) [0264.207] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19fa34*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0264.207] GetLastError () returned 0x0 [0264.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.207] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.207] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.207] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otele.dat")) returned 0 [0264.207] GetLastError () returned 0x2 [0264.207] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otele.dat")) returned 0xffffffff [0264.207] SetLastError (dwErrCode=0x2) [0264.207] GetLastError () returned 0x2 [0264.207] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.207] LocalFree (hMem=0x92fe20) returned 0x0 [0264.207] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.208] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.208] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0x20 [0264.209] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35911486135) returned 1 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"UEWSne@@wIk`\\r}`l++ik6{A", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0264.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"UEWSne@@wIk`\\r}`l++ik6{A", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0264.209] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"UEWSne@@wIk`\\r}`l++ik6{A", cchWideChar=25, lpMultiByteStr=0x2508f10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"UEWSne@@wIk`\\r}`l++ik6{A", lpUsedDefaultChar=0x0) returned 25 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] GetCurrentThreadId () returned 0x1130 [0264.209] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otelemediumcost.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.209] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] GetCurrentThreadId () returned 0x1130 [0264.210] malloc (_Size=0x64) returned 0x1d1338 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] GetCurrentThreadId () returned 0x1130 [0264.211] free (_Block=0x1d1338) [0264.211] malloc (_Size=0x60) returned 0x1d1338 [0264.211] free (_Block=0x1d1338) [0264.211] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.211] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x221 [0264.211] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.211] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.211] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x221 [0264.212] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.212] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x221, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x221, lpOverlapped=0x0) returned 1 [0264.213] malloc (_Size=0x8c) returned 0x1d1338 [0264.214] malloc (_Size=0xfc) returned 0x31d79f0 [0264.214] malloc (_Size=0x40) returned 0x1d14e8 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.214] malloc (_Size=0x40) returned 0x1d7470 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.214] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] malloc (_Size=0xc) returned 0x31e1dc0 [0264.215] malloc (_Size=0x414) returned 0x31e4b18 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.215] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] free (_Block=0x31e40b0) [0264.216] free (_Block=0x1d14e8) [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] GetCurrentThreadId () returned 0x1130 [0264.216] free (_Block=0x31e4b18) [0264.217] free (_Block=0x31e1dc0) [0264.217] free (_Block=0x1d7470) [0264.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bdaf8*, nNumberOfBytesToWrite=0x30c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bdaf8*, lpNumberOfBytesWritten=0x19fbbc*=0x30c, lpOverlapped=0x0) returned 1 [0264.218] free (_Block=0x31d79f0) [0264.218] free (_Block=0x1d1338) [0264.218] CloseHandle (hObject=0x2b4) returned 1 [0264.218] CloseHandle (hObject=0x404) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.218] SetLastError (dwErrCode=0x0) [0264.219] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", lpFilePart=0x19f9f8*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat") returned 0x8a [0264.219] GetLastError () returned 0x0 [0264.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.219] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.219] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.219] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otelemediumcost.dat")) returned 1 [0264.220] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0xb9)) [0264.220] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.221] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.221] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.221] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.221] CloseHandle (hObject=0x404) returned 1 [0264.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[\"UEWSne@@wIk`\\r}`l++ik6{A]", cchWideChar=124, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 124 [0264.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[\"UEWSne@@wIk`\\r}`l++ik6{A]", cchWideChar=124, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 124 [0264.221] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[\"UEWSne@@wIk`\\r}`l++ik6{A]", cchWideChar=124, lpMultiByteStr=0x24d56f8, cbMultiByte=124, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat]omgp:[\"UEWSne@@wIk`\\r}`l++ik6{A]ðGM\x02\x19o", lpUsedDefaultChar=0x0) returned 124 [0264.288] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0264.288] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e5b8, cbMultiByte=344, lpWideCharStr=0x39b67cc, cchWideChar=344 | out: lpWideCharStr="TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ==") returned 344 [0264.288] GetCurrentThreadId () returned 0x1130 [0264.288] GetCurrentThreadId () returned 0x1130 [0264.288] GetCurrentThreadId () returned 0x1130 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.288] SetLastError (dwErrCode=0x0) [0264.288] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320") returned 0x80 [0264.288] GetLastError () returned 0x0 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.288] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.289] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.289] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].wannacash ncov v310320")) returned 0x20 [0264.289] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [756].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.289] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.289] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.289] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x30c [0264.289] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.289] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.289] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf51c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3") returned 369 [0264.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3") returned 369 [0264.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x30c [0264.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:TL6yb+B6OQs8iYx5RgcQqJ200gtUrYS422/2U3hjscb52XuQ6hTEa41h2gu8334jC6huI4HXfLjs9MSvoYmvTCsvQRtWr0XryQ3WlPEIk59sDCcFBz1iGEgancEP5mItsRbYf5QlyrCtCL7ugufPqn8JysgWdFIvTUepfm7Q9jqqpWcA+bEmgkny7HEzUDEykxZSNZXw4M4GE7uRLdABm1uAqCu6n8cozz0wKQ7/SU/PgQ6MOifaC/HsvLIG2wCf+UW5asOZKhFthI50HXlP2nhx6iYW6ZoowXj1UPFt7cK/JDSNRDbHTuz99xVTgJs7TwHXoABqiKjBWLrQi3oOZQ== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.290] WriteFile (in: hFile=0x404, lpBuffer=0x248e2b8*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e2b8*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0264.290] CloseHandle (hObject=0x404) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.291] SetLastError (dwErrCode=0x0) [0264.291] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", lpFilePart=0x19fa34*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat") returned 0x8a [0264.291] GetLastError () returned 0x0 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=8) returned 1 [0264.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat", cchCount2=4) returned 1 [0264.291] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.291] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0 [0264.291] GetLastError () returned 0x2 [0264.291] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (1) - 3960 - outlook.exe - OTeleMediumCost.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (1) - 3960 - outlook.exe - otelemediumcost.dat")) returned 0xffffffff [0264.291] SetLastError (dwErrCode=0x2) [0264.291] GetLastError () returned 0x2 [0264.292] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.292] LocalFree (hMem=0x92fe20) returned 0x0 [0264.292] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.292] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.293] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (2) - 3960 - outlook.exe - otele.dat")) returned 0x20 [0264.293] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35919951149) returned 1 [0264.293] GetCurrentThreadId () returned 0x1130 [0264.293] GetCurrentThreadId () returned 0x1130 [0264.293] GetCurrentThreadId () returned 0x1130 [0264.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0264.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0264.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ", lpUsedDefaultChar=0x0) returned 42 [0264.294] GetCurrentThreadId () returned 0x1130 [0264.294] GetCurrentThreadId () returned 0x1130 [0264.294] GetCurrentThreadId () returned 0x1130 [0264.294] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (2) - 3960 - outlook.exe - otele.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.294] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] malloc (_Size=0x64) returned 0x1d1338 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.295] GetCurrentThreadId () returned 0x1130 [0264.296] GetCurrentThreadId () returned 0x1130 [0264.296] free (_Block=0x1d1338) [0264.296] malloc (_Size=0x60) returned 0x1d1338 [0264.296] free (_Block=0x1d1338) [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11c [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11c [0264.296] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.296] ReadFile (in: hFile=0x404, lpBuffer=0x24a0678, nNumberOfBytesToRead=0x11c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24a0678*, lpNumberOfBytesRead=0x19fbc8*=0x11c, lpOverlapped=0x0) returned 1 [0264.297] malloc (_Size=0x8c) returned 0x1d1338 [0264.297] malloc (_Size=0xfc) returned 0x31d71b0 [0264.298] malloc (_Size=0x40) returned 0x1d14e8 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.298] malloc (_Size=0x40) returned 0x1d7470 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.298] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] malloc (_Size=0xc) returned 0x31e1ca0 [0264.299] malloc (_Size=0x20c) returned 0x31e4b18 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] free (_Block=0x31e40b0) [0264.299] free (_Block=0x1d14e8) [0264.299] GetCurrentThreadId () returned 0x1130 [0264.299] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] GetCurrentThreadId () returned 0x1130 [0264.300] free (_Block=0x31e4b18) [0264.300] free (_Block=0x31e1ca0) [0264.300] free (_Block=0x1d7470) [0264.300] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362f8*, nNumberOfBytesToWrite=0x19f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesWritten=0x19fbbc*=0x19f, lpOverlapped=0x0) returned 1 [0264.302] free (_Block=0x31d71b0) [0264.302] free (_Block=0x1d1338) [0264.302] CloseHandle (hObject=0x2b4) returned 1 [0264.302] CloseHandle (hObject=0x404) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.302] SetLastError (dwErrCode=0x0) [0264.302] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19f9f8*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0264.302] GetLastError () returned 0x0 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.302] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.302] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.303] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (2) - 3960 - outlook.exe - otele.dat")) returned 1 [0264.304] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x107)) [0264.304] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.304] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.305] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.305] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.305] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.305] CloseHandle (hObject=0x404) returned 1 [0264.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat]omgp:[@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ]", cchWideChar=131, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 131 [0264.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat]omgp:[@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ]", cchWideChar=131, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 131 [0264.305] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat]omgp:[@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ]", cchWideChar=131, lpMultiByteStr=0x24aa398, cbMultiByte=131, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat]omgp:[@a>+Y!$5GvqfF\"Zs4^e:WZlQ8&81r\"svTNIa,iTUEZ]", lpUsedDefaultChar=0x0) returned 131 [0264.323] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0264.323] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e2b8, cbMultiByte=344, lpWideCharStr=0x39b6aac, cchWideChar=344 | out: lpWideCharStr="BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg==") returned 344 [0264.323] GetCurrentThreadId () returned 0x1130 [0264.323] GetCurrentThreadId () returned 0x1130 [0264.323] GetCurrentThreadId () returned 0x1130 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.323] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.323] SetLastError (dwErrCode=0x0) [0264.372] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320") returned 0x80 [0264.372] GetLastError () returned 0x0 [0264.372] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.372] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.372] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.372] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.372] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.373] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].wannacash ncov v310320")) returned 0x20 [0264.373] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\Файл зашифрован. Пиши. Почта clubnika@elude.in [757].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.373] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.373] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.373] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x19f [0264.373] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.373] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.373] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.374] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.374] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.374] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf1fc, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3") returned 369 [0264.374] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0264.374] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3") returned 369 [0264.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x19f [0264.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0264.374] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BppPDM979DdNY4ToziVD6v87J837fO0gHsycFdWFkVQq68JDNftHiPMWwogom6L/qMu7++mFBhUT2B5bGAS5U5epvm+8cIIstUtvjjkfOXm/Lps9TPUxTpSodz9Doxn5QtQaQBjzOmVx78fAVcWbbYchVBpa/27vrUb1HqA64G/C464ZujVRp5l9v8dxNx40UTlP3Bw3+GvDKPQFKvC3bYI0iYSE0rbcV95J3L7+5AKFOWMGSCsMi1E2yVEK0BbH1WS7j5+HXDd7JgMwzZq8dOXNeNFfWZePp1rbQSDoPxm5whm4TJLChwGgwrLjN+gFr4zUQbdjefweUXr7oxVhTg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0264.374] WriteFile (in: hFile=0x404, lpBuffer=0x248e438*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e438*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0264.376] CloseHandle (hObject=0x404) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.376] SetLastError (dwErrCode=0x0) [0264.376] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", lpFilePart=0x19fa34*="{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat") returned 0x80 [0264.376] GetLastError () returned 0x0 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.376] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=8) returned 1 [0264.377] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat", cchCount2=4) returned 1 [0264.377] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele")) returned 0x10 [0264.377] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (2) - 3960 - outlook.exe - otele.dat")) returned 0 [0264.377] GetLastError () returned 0x2 [0264.377] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Office\\OTele\\{BE262C12-7D57-419E-805F-B347DC7BEF4D} (2) - 3960 - outlook.exe - OTele.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\office\\otele\\{be262c12-7d57-419e-805f-b347dc7bef4d} (2) - 3960 - outlook.exe - otele.dat")) returned 0xffffffff [0264.377] SetLastError (dwErrCode=0x2) [0264.377] GetLastError () returned 0x2 [0264.377] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.377] LocalFree (hMem=0x92fe20) returned 0x0 [0264.377] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.377] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.378] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appblue.png")) returned 0x20 [0264.378] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35928420174) returned 1 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7x*hUZ-(3ks^b^|3w9.>iIc№BO", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0264.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7x*hUZ-(3ks^b^|3w9.>iIc№BO", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0264.378] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7x*hUZ-(3ks^b^|3w9.>iIc№BO", cchWideChar=26, lpMultiByteStr=0x2508ee8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7x*hUZ-(3ks^b^|3w9.>iIcâ\x84\x96BO\x10\x80P\x02ì\x8bT", lpUsedDefaultChar=0x0) returned 28 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] GetCurrentThreadId () returned 0x1130 [0264.378] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appblue.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.379] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.379] GetCurrentThreadId () returned 0x1130 [0264.379] GetCurrentThreadId () returned 0x1130 [0264.379] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] malloc (_Size=0x64) returned 0x1d1338 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] GetCurrentThreadId () returned 0x1130 [0264.380] free (_Block=0x1d1338) [0264.380] malloc (_Size=0x60) returned 0x1d1338 [0264.381] free (_Block=0x1d1338) [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x157b [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x157b [0264.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.381] ReadFile (in: hFile=0x404, lpBuffer=0x39c8808, nNumberOfBytesToRead=0x157b, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39c8808*, lpNumberOfBytesRead=0x19fbc8*=0x157b, lpOverlapped=0x0) returned 1 [0264.383] malloc (_Size=0x8c) returned 0x1d1338 [0264.383] malloc (_Size=0xfc) returned 0x31d7e10 [0264.383] malloc (_Size=0x40) returned 0x1d14e8 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.384] malloc (_Size=0x40) returned 0x1d7470 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.384] GetCurrentThreadId () returned 0x1130 [0264.385] GetCurrentThreadId () returned 0x1130 [0264.385] GetCurrentThreadId () returned 0x1130 [0264.385] GetCurrentThreadId () returned 0x1130 [0264.385] malloc (_Size=0xc) returned 0x31e1dc0 [0264.385] malloc (_Size=0x720) returned 0x31d2860 [0264.385] malloc (_Size=0xe3c) returned 0x1d9aa8 [0264.385] free (_Block=0x31d2860) [0264.385] malloc (_Size=0x15ac) returned 0x1da8f0 [0264.386] free (_Block=0x1d9aa8) [0264.386] malloc (_Size=0x23e4) returned 0x1dbea8 [0264.386] free (_Block=0x1da8f0) [0264.386] GetCurrentThreadId () returned 0x1130 [0264.386] GetCurrentThreadId () returned 0x1130 [0264.386] GetCurrentThreadId () returned 0x1130 [0264.386] GetCurrentThreadId () returned 0x1130 [0264.386] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] free (_Block=0x31e40b0) [0264.387] free (_Block=0x1d14e8) [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.387] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] GetCurrentThreadId () returned 0x1130 [0264.388] free (_Block=0x1dbea8) [0264.389] free (_Block=0x31e1dc0) [0264.389] free (_Block=0x1d7470) [0264.389] WriteFile (in: hFile=0x2b4, lpBuffer=0x39cb468*, nNumberOfBytesToWrite=0x1d33, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39cb468*, lpNumberOfBytesWritten=0x19fbbc*=0x1d33, lpOverlapped=0x0) returned 1 [0264.390] free (_Block=0x31d7e10) [0264.390] free (_Block=0x1d1338) [0264.390] CloseHandle (hObject=0x2b4) returned 1 [0264.390] CloseHandle (hObject=0x404) returned 1 [0264.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.391] SetLastError (dwErrCode=0x0) [0264.391] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", lpFilePart=0x19f9f8*="AppBlue.png") returned 0x4d [0264.391] GetLastError () returned 0x0 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.391] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.391] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.391] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appblue.png")) returned 1 [0264.393] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x165)) [0264.393] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.393] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.393] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.393] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.393] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.393] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.393] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.393] CloseHandle (hObject=0x404) returned 1 [0264.394] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppBlue.png]omgp:[7x*hUZ-(3ks^b^|3w9.>iIc№BO]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0264.394] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppBlue.png]omgp:[7x*hUZ-(3ks^b^|3w9.>iIc№BO]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0264.394] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppBlue.png]omgp:[7x*hUZ-(3ks^b^|3w9.>iIc№BO]", cchWideChar=51, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[AppBlue.png]omgp:[7x*hUZ-(3ks^b^|3w9.>iIc?BO]", lpUsedDefaultChar=0x0) returned 51 [0264.403] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.403] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE=") returned 172 [0264.403] GetCurrentThreadId () returned 0x1130 [0264.403] GetCurrentThreadId () returned 0x1130 [0264.403] GetCurrentThreadId () returned 0x1130 [0264.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.404] SetLastError (dwErrCode=0x0) [0264.404] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320") returned 0x8d [0264.404] GetLastError () returned 0x0 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.404] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.404] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.404] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].wannacash ncov v310320")) returned 0x20 [0264.404] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [758].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1d33 [0264.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.405] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.405] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.405] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.405] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.405] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3") returned 197 [0264.405] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.405] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3") returned 197 [0264.405] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1d33 [0264.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZTHzg4ew+WlGGPllBYayVlJZmRt3/TjspYAZn6QCXtAs+W54L/b+k9YJloQ+xBAO5gC5WJZ13QsGz0GN8ba2uJ7f2ma7B0H2Y+LV2AKW5u47NPlS+d0s/llmOQk35VvEQL06rH1goJ0jw62EJwwSkhHerno2KvqY5hmTHcqMMWE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.406] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.406] CloseHandle (hObject=0x404) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.406] SetLastError (dwErrCode=0x0) [0264.406] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", lpFilePart=0x19fa34*="AppBlue.png") returned 0x4d [0264.406] GetLastError () returned 0x0 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.406] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=8) returned 1 [0264.407] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png", cchCount2=4) returned 1 [0264.407] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.407] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appblue.png")) returned 0 [0264.407] GetLastError () returned 0x2 [0264.407] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appblue.png")) returned 0xffffffff [0264.407] SetLastError (dwErrCode=0x2) [0264.407] GetLastError () returned 0x2 [0264.407] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.407] LocalFree (hMem=0x92fe20) returned 0x0 [0264.407] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.407] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.408] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appwhite.png")) returned 0x20 [0264.450] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35935644180) returned 1 [0264.450] GetCurrentThreadId () returned 0x1130 [0264.450] GetCurrentThreadId () returned 0x1130 [0264.450] GetCurrentThreadId () returned 0x1130 [0264.450] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0264.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0264.451] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(kâ\x84\x96K:]", lpUsedDefaultChar=0x0) returned 50 [0264.451] GetCurrentThreadId () returned 0x1130 [0264.451] GetCurrentThreadId () returned 0x1130 [0264.451] GetCurrentThreadId () returned 0x1130 [0264.451] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appwhite.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.451] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] malloc (_Size=0x64) returned 0x1d1338 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.452] GetCurrentThreadId () returned 0x1130 [0264.453] free (_Block=0x1d1338) [0264.453] malloc (_Size=0x60) returned 0x1d1338 [0264.453] free (_Block=0x1d1338) [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xbeb [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xbeb [0264.453] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.453] ReadFile (in: hFile=0x404, lpBuffer=0x24362d8, nNumberOfBytesToRead=0xbeb, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesRead=0x19fbc8*=0xbeb, lpOverlapped=0x0) returned 1 [0264.459] malloc (_Size=0x8c) returned 0x1d1338 [0264.459] malloc (_Size=0xfc) returned 0x31d74c8 [0264.459] malloc (_Size=0x40) returned 0x1d14e8 [0264.459] GetCurrentThreadId () returned 0x1130 [0264.459] GetCurrentThreadId () returned 0x1130 [0264.459] GetCurrentThreadId () returned 0x1130 [0264.459] GetCurrentThreadId () returned 0x1130 [0264.459] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.460] malloc (_Size=0x40) returned 0x1d7470 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] GetCurrentThreadId () returned 0x1130 [0264.460] malloc (_Size=0xc) returned 0x31e1ca0 [0264.460] malloc (_Size=0x720) returned 0x31d2860 [0264.460] malloc (_Size=0xe3c) returned 0x1d9aa8 [0264.461] free (_Block=0x31d2860) [0264.461] malloc (_Size=0x15ac) returned 0x1da8f0 [0264.461] free (_Block=0x1d9aa8) [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.461] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] free (_Block=0x31e40b0) [0264.462] free (_Block=0x1d14e8) [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.462] GetCurrentThreadId () returned 0x1130 [0264.463] GetCurrentThreadId () returned 0x1130 [0264.463] GetCurrentThreadId () returned 0x1130 [0264.463] GetCurrentThreadId () returned 0x1130 [0264.463] GetCurrentThreadId () returned 0x1130 [0264.463] GetCurrentThreadId () returned 0x1130 [0264.463] free (_Block=0x1da8f0) [0264.463] free (_Block=0x31e1ca0) [0264.463] free (_Block=0x1d7470) [0264.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b73d8*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b73d8*, lpNumberOfBytesWritten=0x19fbbc*=0x1040, lpOverlapped=0x0) returned 1 [0264.464] free (_Block=0x31d74c8) [0264.465] free (_Block=0x1d1338) [0264.465] CloseHandle (hObject=0x2b4) returned 1 [0264.465] CloseHandle (hObject=0x404) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.465] SetLastError (dwErrCode=0x0) [0264.465] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", lpFilePart=0x19f9f8*="AppWhite.png") returned 0x4e [0264.465] GetLastError () returned 0x0 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.465] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.466] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appwhite.png")) returned 1 [0264.467] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x1b3)) [0264.467] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.467] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.467] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.467] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.467] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.468] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.468] CloseHandle (hObject=0x404) returned 1 [0264.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppWhite.png]omgp:[m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0264.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppWhite.png]omgp:[m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0264.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppWhite.png]omgp:[m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k№K:]", cchWideChar=74, lpMultiByteStr=0x252c708, cbMultiByte=74, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[AppWhite.png]omgp:[m46;Sd$1p}l*xI!d#qI~\\~oNs\\lDo^3loJvk+X*#H:O(k?K:]", lpUsedDefaultChar=0x0) returned 74 [0264.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.477] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ=") returned 172 [0264.477] GetCurrentThreadId () returned 0x1130 [0264.477] GetCurrentThreadId () returned 0x1130 [0264.477] GetCurrentThreadId () returned 0x1130 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.477] SetLastError (dwErrCode=0x0) [0264.477] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320") returned 0x8d [0264.477] GetLastError () returned 0x0 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.478] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.478] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].wannacash ncov v310320")) returned 0x20 [0264.478] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [759].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1040 [0264.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.478] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.478] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.478] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.478] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.479] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3") returned 197 [0264.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.479] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3") returned 197 [0264.479] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1040 [0264.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.479] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:92bPUUl+TRuRJpVl4vtoc+HFAzRfD0jDY9Rt34Pu+plkRbwEWMipuN2VpBe/OB3wf6zgSG2jwM+EyC5i1KltFL+8Wr0OV0EKVYhA7zVcZ0VtUliRo5fbbKtI1KBHbR57aPRugR+Rn0e79uGg/ygzgBlWEzCQi+vNSY/H5QYvbEQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.479] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.479] CloseHandle (hObject=0x404) returned 1 [0264.479] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.479] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.480] SetLastError (dwErrCode=0x0) [0264.480] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", lpFilePart=0x19fa34*="AppWhite.png") returned 0x4e [0264.480] GetLastError () returned 0x0 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=8) returned 1 [0264.480] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png", cchCount2=4) returned 1 [0264.480] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.480] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appwhite.png")) returned 0 [0264.481] GetLastError () returned 0x2 [0264.481] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\appwhite.png")) returned 0xffffffff [0264.481] SetLastError (dwErrCode=0x2) [0264.481] GetLastError () returned 0x2 [0264.481] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.481] LocalFree (hMem=0x92fe20) returned 0x0 [0264.481] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.481] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.481] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.gif")) returned 0x20 [0264.482] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35938777215) returned 1 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0264.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0264.482] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp", lpUsedDefaultChar=0x0) returned 38 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] GetCurrentThreadId () returned 0x1130 [0264.482] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.482] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] GetCurrentThreadId () returned 0x1130 [0264.483] malloc (_Size=0x64) returned 0x1d1338 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] GetCurrentThreadId () returned 0x1130 [0264.484] free (_Block=0x1d1338) [0264.484] malloc (_Size=0x60) returned 0x1d1338 [0264.484] free (_Block=0x1d1338) [0264.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5d8f6 [0264.484] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.484] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe50000 [0264.492] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.492] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5d8f6 [0264.492] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.492] ReadFile (in: hFile=0x404, lpBuffer=0x7fe50018, nNumberOfBytesToRead=0x5d8f6, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe50018*, lpNumberOfBytesRead=0x19fbc8*=0x5d8f6, lpOverlapped=0x0) returned 1 [0264.534] malloc (_Size=0x8c) returned 0x1d1338 [0264.535] malloc (_Size=0xfc) returned 0x31d78e8 [0264.535] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdf0000 [0264.545] malloc (_Size=0x40) returned 0x1d14e8 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.545] malloc (_Size=0x40) returned 0x1d7470 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.545] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] GetCurrentThreadId () returned 0x1130 [0264.546] malloc (_Size=0xc) returned 0x31e1d18 [0264.546] malloc (_Size=0x720) returned 0x31d2860 [0264.546] malloc (_Size=0xe3c) returned 0x1d9aa8 [0264.546] free (_Block=0x31d2860) [0264.546] malloc (_Size=0x15ac) returned 0x1da8f0 [0264.546] free (_Block=0x1d9aa8) [0264.546] malloc (_Size=0x23e4) returned 0x1dbea8 [0264.546] free (_Block=0x1da8f0) [0264.546] malloc (_Size=0x3274) returned 0x3a60048 [0264.547] free (_Block=0x1dbea8) [0264.547] malloc (_Size=0x4820) returned 0x1d9aa8 [0264.547] free (_Block=0x3a60048) [0264.547] malloc (_Size=0x64e4) returned 0x3a60048 [0264.548] free (_Block=0x1d9aa8) [0264.548] malloc (_Size=0x8920) returned 0x3a66538 [0264.548] free (_Block=0x3a60048) [0264.548] malloc (_Size=0xbb90) returned 0x3a6ee60 [0264.549] free (_Block=0x3a66538) [0264.549] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0264.550] free (_Block=0x3a6ee60) [0264.551] malloc (_Size=0x1533c) returned 0x3a60048 [0264.552] free (_Block=0x3a7a9f8) [0264.553] malloc (_Size=0x1c704) returned 0x3a75390 [0264.553] free (_Block=0x3a60048) [0264.553] malloc (_Size=0x265c8) returned 0x3a91aa0 [0264.555] free (_Block=0x3a75390) [0264.556] malloc (_Size=0x33758) returned 0x31e4b18 [0264.560] free (_Block=0x3a91aa0) [0264.561] malloc (_Size=0x45104) returned 0x3a60048 [0264.561] free (_Block=0x31e4b18) [0264.561] malloc (_Size=0x5c874) returned 0x31e4b18 [0264.564] free (_Block=0x3a60048) [0264.567] malloc (_Size=0x7bac8) returned 0x3a60048 [0264.572] free (_Block=0x31e4b18) [0264.626] malloc (_Size=0xa5358) returned 0xa07020 [0264.637] free (_Block=0x3a60048) [0264.638] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0264.651] GetCurrentThreadId () returned 0x1130 [0264.651] GetCurrentThreadId () returned 0x1130 [0264.651] GetCurrentThreadId () returned 0x1130 [0264.651] GetCurrentThreadId () returned 0x1130 [0264.651] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] free (_Block=0x31e40b0) [0264.652] free (_Block=0x1d14e8) [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.652] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.653] GetCurrentThreadId () returned 0x1130 [0264.700] free (_Block=0xa07020) [0264.704] free (_Block=0x31e1d18) [0264.704] free (_Block=0x1d7470) [0264.704] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fd70018*, nNumberOfBytesToWrite=0x7eb49, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fd70018*, lpNumberOfBytesWritten=0x19fbbc*=0x7eb49, lpOverlapped=0x0) returned 1 [0264.711] free (_Block=0x31d78e8) [0264.712] free (_Block=0x1d1338) [0264.712] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0264.715] VirtualFree (lpAddress=0x7fdf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0264.716] VirtualFree (lpAddress=0x7fe50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0264.716] CloseHandle (hObject=0x2b4) returned 1 [0264.716] CloseHandle (hObject=0x404) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.717] SetLastError (dwErrCode=0x0) [0264.717] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", lpFilePart=0x19f9f8*="AutoPlayOptIn.gif") returned 0x53 [0264.717] GetLastError () returned 0x0 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.717] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.717] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.gif")) returned 1 [0264.723] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x2ad)) [0264.723] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.723] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.723] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.724] CloseHandle (hObject=0x404) returned 1 [0264.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.gif]omgp:[*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0264.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.gif]omgp:[*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0264.725] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.gif]omgp:[*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[AutoPlayOptIn.gif]omgp:[*~7m;~k(NQ|\"qz)j\\-?IA2v(F*_$ih;22C@rNp]k?K:]", lpUsedDefaultChar=0x0) returned 69 [0264.733] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.733] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk=") returned 172 [0264.733] GetCurrentThreadId () returned 0x1130 [0264.733] GetCurrentThreadId () returned 0x1130 [0264.733] GetCurrentThreadId () returned 0x1130 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.733] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.733] SetLastError (dwErrCode=0x0) [0264.734] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320") returned 0x8d [0264.734] GetLastError () returned 0x0 [0264.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.734] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.734] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].wannacash ncov v310320")) returned 0x20 [0264.734] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [760].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x7eb49 [0264.734] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.735] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.735] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.735] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3") returned 197 [0264.735] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.735] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3") returned 197 [0264.735] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x7eb49 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.735] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UJCpiz6HV/+6wYDKcfvXtqXo95Kys2Qcs6hIiqT4WrLMC5lp5OQZSSIMo57qDPE7tAQ9rN6j+epnfLc9VmhMrWm5UIZVXloJ2q98ZXgoapqCovLCHbUkctaY+TGtmjrGw3NPU1b9ksRrp4gtBg/uHN0hM+dd0qEAehDKSeAYOnk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.735] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.735] CloseHandle (hObject=0x404) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.736] SetLastError (dwErrCode=0x0) [0264.736] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", lpFilePart=0x19fa34*="AutoPlayOptIn.gif") returned 0x53 [0264.736] GetLastError () returned 0x0 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=8) returned 1 [0264.736] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif", cchCount2=4) returned 1 [0264.736] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.736] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.gif")) returned 0 [0264.736] GetLastError () returned 0x2 [0264.736] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.gif")) returned 0xffffffff [0264.736] SetLastError (dwErrCode=0x2) [0264.736] GetLastError () returned 0x2 [0264.737] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.737] LocalFree (hMem=0x92fe20) returned 0x0 [0264.737] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.737] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.737] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.png")) returned 0x20 [0264.778] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35968405759) returned 1 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0264.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0264.778] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76", lpUsedDefaultChar=0x0) returned 32 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] GetCurrentThreadId () returned 0x1130 [0264.778] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.779] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] malloc (_Size=0x64) returned 0x1d1338 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.780] GetCurrentThreadId () returned 0x1130 [0264.781] GetCurrentThreadId () returned 0x1130 [0264.781] free (_Block=0x1d1338) [0264.781] malloc (_Size=0x60) returned 0x1d1338 [0264.781] free (_Block=0x1d1338) [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27f2 [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27f2 [0264.781] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.781] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x27f2, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x27f2, lpOverlapped=0x0) returned 1 [0264.783] malloc (_Size=0x8c) returned 0x1d1338 [0264.783] malloc (_Size=0xfc) returned 0x31d78e8 [0264.783] malloc (_Size=0x40) returned 0x1d14e8 [0264.783] GetCurrentThreadId () returned 0x1130 [0264.783] GetCurrentThreadId () returned 0x1130 [0264.783] GetCurrentThreadId () returned 0x1130 [0264.783] GetCurrentThreadId () returned 0x1130 [0264.783] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.784] malloc (_Size=0x40) returned 0x1d7470 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] GetCurrentThreadId () returned 0x1130 [0264.784] malloc (_Size=0xc) returned 0x31e1d18 [0264.784] malloc (_Size=0x720) returned 0x31d2860 [0264.785] malloc (_Size=0xe3c) returned 0x1d9aa8 [0264.785] free (_Block=0x31d2860) [0264.785] malloc (_Size=0x15ac) returned 0x1da8f0 [0264.785] free (_Block=0x1d9aa8) [0264.785] malloc (_Size=0x23e4) returned 0x1dbea8 [0264.785] free (_Block=0x1da8f0) [0264.785] malloc (_Size=0x3274) returned 0x3a60048 [0264.786] free (_Block=0x1dbea8) [0264.786] malloc (_Size=0x4820) returned 0x1d9aa8 [0264.787] free (_Block=0x3a60048) [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.787] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] free (_Block=0x31e40b0) [0264.788] free (_Block=0x1d14e8) [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] GetCurrentThreadId () returned 0x1130 [0264.788] free (_Block=0x1d9aa8) [0264.789] free (_Block=0x31e1d18) [0264.789] free (_Block=0x1d7470) [0264.789] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bb808*, nNumberOfBytesToWrite=0x3642, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bb808*, lpNumberOfBytesWritten=0x19fbbc*=0x3642, lpOverlapped=0x0) returned 1 [0264.791] free (_Block=0x31d78e8) [0264.791] free (_Block=0x1d1338) [0264.791] CloseHandle (hObject=0x2b4) returned 1 [0264.791] CloseHandle (hObject=0x404) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.791] SetLastError (dwErrCode=0x0) [0264.791] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", lpFilePart=0x19f9f8*="AutoPlayOptIn.png") returned 0x53 [0264.791] GetLastError () returned 0x0 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.791] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.792] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.792] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.png")) returned 1 [0264.794] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x2fb)) [0264.794] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.794] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.794] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.794] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.794] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.794] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.794] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.794] CloseHandle (hObject=0x404) returned 1 [0264.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.png]omgp:[D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0264.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.png]omgp:[D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0264.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AutoPlayOptIn.png]omgp:[D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76]", cchWideChar=63, lpMultiByteStr=0x2541be8, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[AutoPlayOptIn.png]omgp:[D1VVK>WwA#\"Hxze.|?bKgP=&f_6t=y76]", lpUsedDefaultChar=0x0) returned 63 [0264.803] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.803] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U=") returned 172 [0264.803] GetCurrentThreadId () returned 0x1130 [0264.803] GetCurrentThreadId () returned 0x1130 [0264.803] GetCurrentThreadId () returned 0x1130 [0264.803] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.803] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.803] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.804] SetLastError (dwErrCode=0x0) [0264.804] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320") returned 0x8d [0264.804] GetLastError () returned 0x0 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.804] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].wannacash ncov v310320")) returned 0x20 [0264.804] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [761].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.805] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.805] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.805] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x3642 [0264.805] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.805] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3") returned 197 [0264.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.805] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3") returned 197 [0264.805] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x3642 [0264.805] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.806] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k5ICmucc1smCPMBHFRouHyuVbsTOyptpJekpKsyOyBqqYgJ947nzjPss14Y7zypI1R1Y8uPQ1L/xhXqwNW8JCKweugE813Gk2yCGfHfa1v7k4Brtv5pUM4+6YqU+7hIvWaVH1OjUyH+c+5GBy/wW8OXOmhuKDoXm+lFwtk+9P4U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.806] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.806] CloseHandle (hObject=0x404) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.806] SetLastError (dwErrCode=0x0) [0264.806] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", lpFilePart=0x19fa34*="AutoPlayOptIn.png") returned 0x53 [0264.806] GetLastError () returned 0x0 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=8) returned 1 [0264.806] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png", cchCount2=4) returned 1 [0264.807] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.807] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.png")) returned 0 [0264.807] GetLastError () returned 0x2 [0264.807] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\AutoPlayOptIn.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\autoplayoptin.png")) returned 0xffffffff [0264.807] SetLastError (dwErrCode=0x2) [0264.807] GetLastError () returned 0x2 [0264.807] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.807] LocalFree (hMem=0x92fe20) returned 0x0 [0264.807] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.807] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.808] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappblue.png")) returned 0x20 [0264.808] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35971422454) returned 1 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0264.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0264.808] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D", cchWideChar=43, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D", lpUsedDefaultChar=0x0) returned 43 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.808] GetCurrentThreadId () returned 0x1130 [0264.809] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappblue.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.809] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0264.809] GetCurrentThreadId () returned 0x1130 [0264.809] GetCurrentThreadId () returned 0x1130 [0264.809] GetCurrentThreadId () returned 0x1130 [0264.809] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] malloc (_Size=0x64) returned 0x1d1338 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] GetCurrentThreadId () returned 0x1130 [0264.810] free (_Block=0x1d1338) [0264.810] malloc (_Size=0x60) returned 0x1d1338 [0264.810] free (_Block=0x1d1338) [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cd7 [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1cd7 [0264.811] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0264.811] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1cd7, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1cd7, lpOverlapped=0x0) returned 1 [0264.857] malloc (_Size=0x8c) returned 0x1d1338 [0264.857] malloc (_Size=0xfc) returned 0x31d7af8 [0264.857] malloc (_Size=0x40) returned 0x1d14e8 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.857] GetCurrentThreadId () returned 0x1130 [0264.858] malloc (_Size=0xa5c) returned 0x31e40b0 [0264.858] malloc (_Size=0x40) returned 0x1d7470 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] GetCurrentThreadId () returned 0x1130 [0264.858] malloc (_Size=0xc) returned 0x31e1d18 [0264.858] malloc (_Size=0x720) returned 0x31d2860 [0264.858] malloc (_Size=0xe3c) returned 0x1d9aa8 [0264.859] free (_Block=0x31d2860) [0264.859] malloc (_Size=0x15ac) returned 0x1da8f0 [0264.859] free (_Block=0x1d9aa8) [0264.859] malloc (_Size=0x23e4) returned 0x1dbea8 [0264.859] free (_Block=0x1da8f0) [0264.859] malloc (_Size=0x3274) returned 0x3a60048 [0264.859] free (_Block=0x1dbea8) [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] free (_Block=0x31e40b0) [0264.860] free (_Block=0x1d14e8) [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.860] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] GetCurrentThreadId () returned 0x1130 [0264.861] free (_Block=0x3a60048) [0264.862] free (_Block=0x31e1d18) [0264.862] free (_Block=0x1d7470) [0264.862] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba208*, nNumberOfBytesToWrite=0x2733, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba208*, lpNumberOfBytesWritten=0x19fbbc*=0x2733, lpOverlapped=0x0) returned 1 [0264.863] free (_Block=0x31d7af8) [0264.863] free (_Block=0x1d1338) [0264.863] CloseHandle (hObject=0x2b4) returned 1 [0264.863] CloseHandle (hObject=0x404) returned 1 [0264.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.863] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.864] SetLastError (dwErrCode=0x0) [0264.864] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", lpFilePart=0x19f9f8*="ElevatedAppBlue.png") returned 0x55 [0264.864] GetLastError () returned 0x0 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.864] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.864] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.864] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappblue.png")) returned 1 [0264.866] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x28, wMilliseconds=0x339)) [0264.866] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0264.866] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.866] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0264.866] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.866] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0264.866] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0264.866] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0264.866] CloseHandle (hObject=0x404) returned 1 [0264.866] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ElevatedAppBlue.png]omgp:[Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0264.866] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ElevatedAppBlue.png]omgp:[Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0264.866] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ElevatedAppBlue.png]omgp:[Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D]", cchWideChar=76, lpMultiByteStr=0x252c708, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[ElevatedAppBlue.png]omgp:[Vn>LB%Z6HVcvbc1#x1PEXwJ,inbXoND$gtbMMK-;`2D]±ÇR\x02\x01", lpUsedDefaultChar=0x0) returned 76 [0264.876] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0264.876] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI=") returned 172 [0264.876] GetCurrentThreadId () returned 0x1130 [0264.876] GetCurrentThreadId () returned 0x1130 [0264.876] GetCurrentThreadId () returned 0x1130 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.876] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.876] SetLastError (dwErrCode=0x0) [0264.877] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320") returned 0x8d [0264.877] GetLastError () returned 0x0 [0264.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0264.877] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0264.877] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.877] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].wannacash ncov v310320")) returned 0x20 [0264.877] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [762].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0264.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0264.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2733 [0264.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0264.878] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.878] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.878] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3") returned 197 [0264.878] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0264.878] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3") returned 197 [0264.878] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2733 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0264.878] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zvxzknmZHK+FZ/ToJ5YW58PHyIarjAtJ3VAVcWFpRD6hB9kcTTWcATTZ0Gh4Hhbu+YbTNdFL9Sz5diw1VxRvBRF4i8FUwbt16MDbO74Wt7aOcsDn9wlDcGouAfctL2tKwDeUaemArAnSXaPm/90WOHLitx/vElAmZEn74OdnfhI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0264.878] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0264.879] CloseHandle (hObject=0x404) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.879] SetLastError (dwErrCode=0x0) [0264.879] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", lpFilePart=0x19fa34*="ElevatedAppBlue.png") returned 0x55 [0264.879] GetLastError () returned 0x0 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=8) returned 1 [0264.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png", cchCount2=4) returned 1 [0264.879] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1")) returned 0x10 [0264.879] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappblue.png")) returned 0 [0264.879] GetLastError () returned 0x2 [0264.879] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppBlue.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappblue.png")) returned 0xffffffff [0264.880] SetLastError (dwErrCode=0x2) [0264.880] GetLastError () returned 0x2 [0264.880] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0264.880] LocalFree (hMem=0x92fe20) returned 0x0 [0264.880] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0264.880] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0264.880] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.6816.0313_1\\ElevatedAppWhite.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.6816.0313_1\\elevatedappwhite.png")) returned 0x20 [0264.880] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=35978657839) returned 1 [0264.880] GetCurrentThreadId () returned 0x1130 [0264.881] GetCurrentThreadId () returned 0x1130 [0264.881] GetCurrentThreadId () returned 0x1130 [0264.881] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="2z>j#H!?*582Q`d::I}=№ohwhvOHZHw;s5№", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0266.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CX-HeF_D\"B*yL=l#K.=OX->I}=№ohwhvOHZHw;s5№", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0266.805] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="CX-HeF_D\"B*yL=l#K.=OX->I}=№ohwhvOHZHw;s5№", cchWideChar=41, lpMultiByteStr=0x2533798, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CX-HeF_D\"B*yL=l#K.=OX->I}=â\x84\x96ohwhvOHZHw;s5â\x84\x96", lpUsedDefaultChar=0x0) returned 45 [0266.805] GetCurrentThreadId () returned 0x1130 [0266.805] GetCurrentThreadId () returned 0x1130 [0266.805] GetCurrentThreadId () returned 0x1130 [0266.805] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\error.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.805] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] GetCurrentThreadId () returned 0x1130 [0266.806] malloc (_Size=0x64) returned 0x1d1338 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] GetCurrentThreadId () returned 0x1130 [0266.807] free (_Block=0x1d1338) [0266.807] malloc (_Size=0x60) returned 0x1d1338 [0266.807] free (_Block=0x1d1338) [0266.807] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.807] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1e64 [0266.807] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.807] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.807] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1e64 [0266.808] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.808] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1e64, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1e64, lpOverlapped=0x0) returned 1 [0266.810] malloc (_Size=0x8c) returned 0x1d1338 [0266.810] malloc (_Size=0xfc) returned 0x31d7d08 [0266.810] malloc (_Size=0x40) returned 0x1d14e8 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] malloc (_Size=0xa5c) returned 0x31e40b0 [0266.810] malloc (_Size=0x40) returned 0x1d7470 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.810] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] GetCurrentThreadId () returned 0x1130 [0266.811] malloc (_Size=0xc) returned 0x31e1ec8 [0266.811] malloc (_Size=0x720) returned 0x31d2860 [0266.811] malloc (_Size=0xe3c) returned 0x1d9aa8 [0266.812] free (_Block=0x31d2860) [0266.812] malloc (_Size=0x15ac) returned 0x1da8f0 [0266.812] free (_Block=0x1d9aa8) [0266.812] malloc (_Size=0x23e4) returned 0x1dbea8 [0266.812] free (_Block=0x1da8f0) [0266.812] malloc (_Size=0x3274) returned 0x3a60048 [0266.812] free (_Block=0x1dbea8) [0266.812] GetCurrentThreadId () returned 0x1130 [0266.812] GetCurrentThreadId () returned 0x1130 [0266.812] GetCurrentThreadId () returned 0x1130 [0266.812] GetCurrentThreadId () returned 0x1130 [0266.812] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] free (_Block=0x31e40b0) [0266.813] free (_Block=0x1d14e8) [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.813] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] GetCurrentThreadId () returned 0x1130 [0266.814] free (_Block=0x3a60048) [0266.814] free (_Block=0x31e1ec8) [0266.814] free (_Block=0x1d7470) [0266.814] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba608*, nNumberOfBytesToWrite=0x294f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba608*, lpNumberOfBytesWritten=0x19fbbc*=0x294f, lpOverlapped=0x0) returned 1 [0266.816] free (_Block=0x31d7d08) [0266.816] free (_Block=0x1d1338) [0266.816] CloseHandle (hObject=0x2b4) returned 1 [0266.816] CloseHandle (hObject=0x404) returned 1 [0266.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.816] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.817] SetLastError (dwErrCode=0x0) [0266.817] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", lpFilePart=0x19f9f8*="Error.png") returned 0x49 [0266.817] GetLastError () returned 0x0 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.817] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.817] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\error.png")) returned 1 [0266.819] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2a, wMilliseconds=0x312)) [0266.819] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0266.819] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.819] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0266.819] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0266.819] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0266.819] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0266.819] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0266.819] CloseHandle (hObject=0x404) returned 1 [0266.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Error.png]omgp:[CX-HeF_D\"B*yL=l#K.=OX->I}=№ohwhvOHZHw;s5№]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0266.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Error.png]omgp:[CX-HeF_D\"B*yL=l#K.=OX->I}=№ohwhvOHZHw;s5№]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0266.820] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Error.png]omgp:[CX-HeF_D\"B*yL=l#K.=OX->I}=№ohwhvOHZHw;s5№]", cchWideChar=64, lpMultiByteStr=0x2541be8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Error.png]omgp:[CX-HeF_D\"B*yL=l#K.=OX->I}=?ohwhvOHZHw;s5?]h", lpUsedDefaultChar=0x0) returned 64 [0266.829] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0266.829] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4=") returned 172 [0266.829] GetCurrentThreadId () returned 0x1130 [0266.829] GetCurrentThreadId () returned 0x1130 [0266.829] GetCurrentThreadId () returned 0x1130 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.829] SetLastError (dwErrCode=0x0) [0266.829] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320") returned 0x8b [0266.829] GetLastError () returned 0x0 [0266.829] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.830] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.830] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.830] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].wannacash ncov v310320")) returned 0x20 [0266.830] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [781].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.830] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0266.830] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0266.830] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x294f [0266.830] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0266.831] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0266.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.935] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.935] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0266.935] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3") returned 197 [0266.935] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0266.935] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3") returned 197 [0266.936] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x294f [0266.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:URgpgOM/o4CCBZ7mpNJ+JKxV227n4p54ZcErAXRzZRF57qFOJc5kJ+AGHXpSyun9nAhQPraT8tGXVXPtxFU7uglHp/kt0Mi1P80tY4ppFqqIUOqhGms481BOoRyw6kmwlYwYsWKSKNmCd+hbdb6HSVMh00jDmin7Jn8LvF4GFk4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.936] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0266.936] CloseHandle (hObject=0x404) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.936] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.937] SetLastError (dwErrCode=0x0) [0266.937] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", lpFilePart=0x19fa34*="Error.png") returned 0x49 [0266.937] GetLastError () returned 0x0 [0266.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=8) returned 1 [0266.937] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", cchCount2=4) returned 1 [0266.937] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.937] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\error.png")) returned 0 [0266.937] GetLastError () returned 0x2 [0266.937] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\error.png")) returned 0xffffffff [0266.937] SetLastError (dwErrCode=0x2) [0266.937] GetLastError () returned 0x2 [0266.937] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0266.937] LocalFree (hMem=0x92fe20) returned 0x0 [0266.937] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0266.938] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0266.938] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html")) returned 0x20 [0266.946] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36185223283) returned 1 [0266.946] GetCurrentThreadId () returned 0x1130 [0266.946] GetCurrentThreadId () returned 0x1130 [0266.946] GetCurrentThreadId () returned 0x1130 [0266.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0266.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0266.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR", cchWideChar=38, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="U3w@Gâ\x84\x96I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR", lpUsedDefaultChar=0x0) returned 40 [0266.946] GetCurrentThreadId () returned 0x1130 [0266.946] GetCurrentThreadId () returned 0x1130 [0266.947] GetCurrentThreadId () returned 0x1130 [0266.947] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.947] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.968] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] malloc (_Size=0x64) returned 0x1d1338 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] GetCurrentThreadId () returned 0x1130 [0266.969] free (_Block=0x1d1338) [0266.969] malloc (_Size=0x60) returned 0x1d1338 [0266.969] free (_Block=0x1d1338) [0266.969] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.969] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x13c4 [0266.970] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.970] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.970] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x13c4 [0266.970] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0266.970] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x13c4, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x13c4, lpOverlapped=0x0) returned 1 [0266.972] malloc (_Size=0x8c) returned 0x1d1338 [0266.972] malloc (_Size=0xfc) returned 0x31d7c00 [0266.972] malloc (_Size=0x40) returned 0x1d14e8 [0266.972] GetCurrentThreadId () returned 0x1130 [0266.972] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] malloc (_Size=0xa5c) returned 0x31e40b0 [0266.973] malloc (_Size=0x40) returned 0x1d7470 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.973] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] GetCurrentThreadId () returned 0x1130 [0266.974] malloc (_Size=0xc) returned 0x31e1e68 [0266.974] malloc (_Size=0x720) returned 0x31d2860 [0266.974] malloc (_Size=0xe3c) returned 0x1d9aa8 [0266.975] free (_Block=0x31d2860) [0266.975] malloc (_Size=0x15ac) returned 0x1da8f0 [0266.975] free (_Block=0x1d9aa8) [0266.975] malloc (_Size=0x23e4) returned 0x1dbea8 [0266.975] free (_Block=0x1da8f0) [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.975] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] free (_Block=0x31e40b0) [0266.976] free (_Block=0x1d14e8) [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.976] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] GetCurrentThreadId () returned 0x1130 [0266.977] free (_Block=0x1dbea8) [0266.978] free (_Block=0x31e1e68) [0266.978] free (_Block=0x1d7470) [0266.978] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9008*, nNumberOfBytesToWrite=0x1aea, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9008*, lpNumberOfBytesWritten=0x19fbbc*=0x1aea, lpOverlapped=0x0) returned 1 [0266.979] free (_Block=0x31d7c00) [0266.979] free (_Block=0x1d1338) [0266.979] CloseHandle (hObject=0x2b4) returned 1 [0266.979] CloseHandle (hObject=0x404) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.980] SetLastError (dwErrCode=0x0) [0266.980] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", lpFilePart=0x19f9f8*="ErrorPage.html") returned 0x4e [0266.980] GetLastError () returned 0x0 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.980] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.980] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.980] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html")) returned 1 [0266.982] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2a, wMilliseconds=0x3ae)) [0266.982] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0266.982] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.983] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0266.983] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0266.983] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0266.983] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0266.983] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0266.983] CloseHandle (hObject=0x404) returned 1 [0266.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ErrorPage.html]omgp:[U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0266.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ErrorPage.html]omgp:[U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0266.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ErrorPage.html]omgp:[U3w@G№I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR]", cchWideChar=66, lpMultiByteStr=0x2541be8, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[ErrorPage.html]omgp:[U3w@G?I,5qenNS&1_+kPwsFA)V$V=HT<6?LCtR]", lpUsedDefaultChar=0x0) returned 66 [0266.994] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0266.994] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4=") returned 172 [0266.994] GetCurrentThreadId () returned 0x1130 [0266.994] GetCurrentThreadId () returned 0x1130 [0266.994] GetCurrentThreadId () returned 0x1130 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.994] SetLastError (dwErrCode=0x0) [0266.994] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320") returned 0x8b [0266.994] GetLastError () returned 0x0 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.994] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0266.995] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0266.995] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.995] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].wannacash ncov v310320")) returned 0x20 [0266.995] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\Файл зашифрован. Пиши. Почта clubnika@elude.in [782].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0266.995] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0266.995] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0266.995] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1aea [0266.995] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0266.996] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.996] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0266.996] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3") returned 197 [0266.996] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0266.996] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3") returned 197 [0266.996] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1aea [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0266.996] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qthWCrhKT8uEtno9lOg1XBmYnryMPZvjR2UDGs0cek51FYUgHbC9tmNKK/M1W9ZkgzcK6Q4u9GUPsN54RA9Ya2LmdFeJueI1rjN/RbBm2jSgDk1LGBMhf6LjY6w4sfy9jKq7GC/ekHAZ4lUIHmc0XDFRoEGwN7GrQJ9NVF2pwW4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0266.996] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0266.997] CloseHandle (hObject=0x404) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.997] SetLastError (dwErrCode=0x0) [0266.997] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", lpFilePart=0x19fa34*="ErrorPage.html") returned 0x4e [0266.997] GetLastError () returned 0x0 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=8) returned 1 [0266.997] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", cchCount2=4) returned 1 [0266.997] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026")) returned 0x10 [0266.998] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html")) returned 0 [0266.998] GetLastError () returned 0x2 [0266.998] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html")) returned 0xffffffff [0266.998] SetLastError (dwErrCode=0x2) [0266.998] GetLastError () returned 0x2 [0266.998] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0266.998] LocalFree (hMem=0x92fe20) returned 0x0 [0266.998] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0266.998] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0266.999] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html")) returned 0x20 [0266.999] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36190516046) returned 1 [0266.999] GetCurrentThreadId () returned 0x1130 [0266.999] GetCurrentThreadId () returned 0x1130 [0266.999] GetCurrentThreadId () returned 0x1130 [0266.999] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="z.q№XLxCFweP/C7duq!55\"w2Mr5mfkQ9\\~m=", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0271.268] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="%r;xg№V!№`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=", cchWideChar=49, lpMultiByteStr=0x25169b0, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="%r;xgâ\x84\x96V!â\x84\x96`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=", lpUsedDefaultChar=0x0) returned 53 [0271.268] GetCurrentThreadId () returned 0x1130 [0271.268] GetCurrentThreadId () returned 0x1130 [0271.268] GetCurrentThreadId () returned 0x1130 [0271.268] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\update.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.268] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] malloc (_Size=0x64) returned 0x1d1338 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.346] GetCurrentThreadId () returned 0x1130 [0271.347] free (_Block=0x1d1338) [0271.347] malloc (_Size=0x60) returned 0x1d1338 [0271.347] free (_Block=0x1d1338) [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x183 [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x183 [0271.347] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.347] ReadFile (in: hFile=0x404, lpBuffer=0x2456078, nNumberOfBytesToRead=0x183, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2456078*, lpNumberOfBytesRead=0x19fbc8*=0x183, lpOverlapped=0x0) returned 1 [0271.348] malloc (_Size=0x8c) returned 0x1d1338 [0271.348] malloc (_Size=0xfc) returned 0x31d72b8 [0271.348] malloc (_Size=0x40) returned 0x1d14e8 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.348] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] malloc (_Size=0xa5c) returned 0x31e40b0 [0271.349] malloc (_Size=0x40) returned 0x1d7470 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] malloc (_Size=0xc) returned 0x31e1dc0 [0271.349] malloc (_Size=0x2b8) returned 0x31e4b18 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.349] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] free (_Block=0x31e40b0) [0271.350] free (_Block=0x1d14e8) [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.350] GetCurrentThreadId () returned 0x1130 [0271.351] GetCurrentThreadId () returned 0x1130 [0271.351] free (_Block=0x31e4b18) [0271.351] free (_Block=0x31e1dc0) [0271.351] free (_Block=0x1d7470) [0271.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x2413fd8*, nNumberOfBytesToWrite=0x235, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesWritten=0x19fbbc*=0x235, lpOverlapped=0x0) returned 1 [0271.352] free (_Block=0x31d72b8) [0271.352] free (_Block=0x1d1338) [0271.352] CloseHandle (hObject=0x2b4) returned 1 [0271.352] CloseHandle (hObject=0x404) returned 1 [0271.352] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.352] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.352] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.352] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.352] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.353] SetLastError (dwErrCode=0x0) [0271.353] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", lpFilePart=0x19f9f8*="Update.xml") returned 0x4d [0271.353] GetLastError () returned 0x0 [0271.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.353] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater")) returned 0x10 [0271.353] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\update.xml")) returned 1 [0271.354] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2f, wMilliseconds=0x141)) [0271.354] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0271.354] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0271.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0271.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.355] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0271.355] CloseHandle (hObject=0x404) returned 1 [0271.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Update.xml]omgp:[%r;xg№V!№`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0271.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Update.xml]omgp:[%r;xg№V!№`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0271.355] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Update.xml]omgp:[%r;xg№V!№`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=]", cchWideChar=73, lpMultiByteStr=0x252c708, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Update.xml]omgp:[%r;xg?V!?`1jU=TykxrW9qbcm&>7duq!55\"w2Mr5mfkQ9\\~m=]", lpUsedDefaultChar=0x0) returned 73 [0271.364] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0271.364] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0=") returned 172 [0271.364] GetCurrentThreadId () returned 0x1130 [0271.364] GetCurrentThreadId () returned 0x1130 [0271.364] GetCurrentThreadId () returned 0x1130 [0271.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.364] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.365] SetLastError (dwErrCode=0x0) [0271.365] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320") returned 0x8e [0271.365] GetLastError () returned 0x0 [0271.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.365] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater")) returned 0x10 [0271.365] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].wannacash ncov v310320")) returned 0x20 [0271.365] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\Файл зашифрован. Пиши. Почта clubnika@elude.in [828].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0271.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x235 [0271.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.384] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0271.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.384] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.384] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3") returned 197 [0271.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3") returned 197 [0271.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x235 [0271.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jPzV1dXq0mXwrhO8R3q+KanSUILfoA2WYmjELSO/DQyTWkWRSCXz93P/TMwKwbce+Xz77v5LtnuRFUf1pT+oKWYVdEN4CDB7VVVQK/btSgTTp889eHgT+zhtYh6zOnoM9Eg3Ds75MAEPIb8nwd7FExL+UBO6LIDcg7XdcdTXox0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.385] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0271.385] CloseHandle (hObject=0x404) returned 1 [0271.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.385] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.386] SetLastError (dwErrCode=0x0) [0271.386] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", lpFilePart=0x19fa34*="Update.xml") returned 0x4d [0271.386] GetLastError () returned 0x0 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=8) returned 1 [0271.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", cchCount2=4) returned 1 [0271.386] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater")) returned 0x10 [0271.386] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\update.xml")) returned 0 [0271.386] GetLastError () returned 0x2 [0271.386] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\standaloneupdater\\update.xml")) returned 0xffffffff [0271.386] SetLastError (dwErrCode=0x2) [0271.386] GetLastError () returned 0x2 [0271.386] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0271.386] LocalFree (hMem=0x92fe20) returned 0x0 [0271.386] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0271.387] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0271.387] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\update.xml")) returned 0x20 [0271.387] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36629333620) returned 1 [0271.387] GetCurrentThreadId () returned 0x1130 [0271.387] GetCurrentThreadId () returned 0x1130 [0271.387] GetCurrentThreadId () returned 0x1130 [0271.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0271.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0271.387] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG", lpUsedDefaultChar=0x0) returned 38 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\update.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.388] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.388] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] malloc (_Size=0x64) returned 0x1d1338 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] GetCurrentThreadId () returned 0x1130 [0271.389] free (_Block=0x1d1338) [0271.389] malloc (_Size=0x60) returned 0x1d1338 [0271.389] free (_Block=0x1d1338) [0271.389] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x183 [0271.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x183 [0271.390] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.390] ReadFile (in: hFile=0x404, lpBuffer=0x2455ed8, nNumberOfBytesToRead=0x183, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2455ed8*, lpNumberOfBytesRead=0x19fbc8*=0x183, lpOverlapped=0x0) returned 1 [0271.391] malloc (_Size=0x8c) returned 0x1d1338 [0271.391] malloc (_Size=0xfc) returned 0x31d7d08 [0271.391] malloc (_Size=0x40) returned 0x1d14e8 [0271.391] GetCurrentThreadId () returned 0x1130 [0271.391] GetCurrentThreadId () returned 0x1130 [0271.391] GetCurrentThreadId () returned 0x1130 [0271.391] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] malloc (_Size=0xa5c) returned 0x31e40b0 [0271.392] malloc (_Size=0x40) returned 0x1d7470 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] malloc (_Size=0xc) returned 0x31e1dc0 [0271.392] malloc (_Size=0x2b8) returned 0x31e4b18 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.392] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] free (_Block=0x31e40b0) [0271.393] free (_Block=0x1d14e8) [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.393] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] GetCurrentThreadId () returned 0x1130 [0271.394] free (_Block=0x31e4b18) [0271.394] free (_Block=0x31e1dc0) [0271.394] free (_Block=0x1d7470) [0271.394] WriteFile (in: hFile=0x2b4, lpBuffer=0x2413fd8*, nNumberOfBytesToWrite=0x235, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesWritten=0x19fbbc*=0x235, lpOverlapped=0x0) returned 1 [0271.395] free (_Block=0x31d7d08) [0271.395] free (_Block=0x1d1338) [0271.395] CloseHandle (hObject=0x2b4) returned 1 [0271.401] CloseHandle (hObject=0x404) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.401] SetLastError (dwErrCode=0x0) [0271.401] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", lpFilePart=0x19f9f8*="update.xml") returned 0x42 [0271.401] GetLastError () returned 0x0 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.401] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.401] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update")) returned 0x10 [0271.402] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\update.xml")) returned 1 [0271.403] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2f, wMilliseconds=0x16f)) [0271.403] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0271.403] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0271.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0271.403] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.404] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0271.404] CloseHandle (hObject=0x404) returned 1 [0271.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[update.xml]omgp:[R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0271.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[update.xml]omgp:[R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0271.404] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[update.xml]omgp:[R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG]", cchWideChar=62, lpMultiByteStr=0x2541d78, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[update.xml]omgp:[R9Ht%TsS-U}PJW&ugHslI5XT(J-&p#~um^=%QG]#", lpUsedDefaultChar=0x0) returned 62 [0271.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0271.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs=") returned 172 [0271.413] GetCurrentThreadId () returned 0x1130 [0271.413] GetCurrentThreadId () returned 0x1130 [0271.413] GetCurrentThreadId () returned 0x1130 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.413] SetLastError (dwErrCode=0x0) [0271.413] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320") returned 0x83 [0271.413] GetLastError () returned 0x0 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.413] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update")) returned 0x10 [0271.414] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].wannacash ncov v310320")) returned 0x20 [0271.414] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\Файл зашифрован. Пиши. Почта clubnika@elude.in [829].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0271.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x235 [0271.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.414] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0271.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.414] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3") returned 197 [0271.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3") returned 197 [0271.415] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x235 [0271.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5biqwlCY1X1ot/FSPC9d5oFg+q9DhXGyiMPBTKGbPLaVP6/1L4No5n1zq6pv6H3SzImQBzpCMvlD/59kYqfDO2yIv88zK4TtMNXKhcp0HpZ25E7KX2IPMmeZFLlvgYA46X43xRrI+YPdp3oPTLbQCZrsJV4jyF6Q53z3PKqD1Hs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.415] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0271.415] CloseHandle (hObject=0x404) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.415] SetLastError (dwErrCode=0x0) [0271.416] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", lpFilePart=0x19fa34*="update.xml") returned 0x42 [0271.416] GetLastError () returned 0x0 [0271.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=8) returned 1 [0271.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml", cchCount2=4) returned 1 [0271.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update")) returned 0x10 [0271.416] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\update.xml")) returned 0 [0271.416] GetLastError () returned 0x2 [0271.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\OneDrive\\Update\\update.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\onedrive\\update\\update.xml")) returned 0xffffffff [0271.416] SetLastError (dwErrCode=0x2) [0271.416] GetLastError () returned 0x2 [0271.416] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0271.416] LocalFree (hMem=0x92fe20) returned 0x0 [0271.416] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0271.417] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0271.417] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_availabilityoptions_2_552986138d849b4eab2449c96be58de9.dat")) returned 0x20 [0271.418] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36632403623) returned 1 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0271.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0271.418] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw", lpUsedDefaultChar=0x0) returned 47 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] GetCurrentThreadId () returned 0x1130 [0271.418] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_availabilityoptions_2_552986138d849b4eab2449c96be58de9.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.418] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.419] GetCurrentThreadId () returned 0x1130 [0271.420] malloc (_Size=0x64) returned 0x1d1338 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] GetCurrentThreadId () returned 0x1130 [0271.420] free (_Block=0x1d1338) [0271.420] malloc (_Size=0x60) returned 0x1d1338 [0271.420] free (_Block=0x1d1338) [0271.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1a6 [0271.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.420] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1a6 [0271.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.421] ReadFile (in: hFile=0x404, lpBuffer=0x24362f8, nNumberOfBytesToRead=0x1a6, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24362f8*, lpNumberOfBytesRead=0x19fbc8*=0x1a6, lpOverlapped=0x0) returned 1 [0271.460] malloc (_Size=0x8c) returned 0x1d1338 [0271.460] malloc (_Size=0xfc) returned 0x31d7e10 [0271.461] malloc (_Size=0x40) returned 0x1d14e8 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] malloc (_Size=0xa5c) returned 0x31e40b0 [0271.461] malloc (_Size=0x40) returned 0x1d7470 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.461] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] malloc (_Size=0xc) returned 0x31e1ca0 [0271.462] malloc (_Size=0x310) returned 0x31e4b18 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] free (_Block=0x31e40b0) [0271.462] free (_Block=0x1d14e8) [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.462] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] GetCurrentThreadId () returned 0x1130 [0271.463] free (_Block=0x31e4b18) [0271.463] free (_Block=0x31e1ca0) [0271.463] free (_Block=0x1d7470) [0271.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x2413fd8*, nNumberOfBytesToWrite=0x262, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesWritten=0x19fbbc*=0x262, lpOverlapped=0x0) returned 1 [0271.465] free (_Block=0x31d7e10) [0271.465] free (_Block=0x1d1338) [0271.465] CloseHandle (hObject=0x2b4) returned 1 [0271.465] CloseHandle (hObject=0x404) returned 1 [0271.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.466] SetLastError (dwErrCode=0x0) [0271.466] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", lpFilePart=0x19f9f8*="Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat") returned 0x7b [0271.466] GetLastError () returned 0x0 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.466] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.466] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.466] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_availabilityoptions_2_552986138d849b4eab2449c96be58de9.dat")) returned 1 [0271.468] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2f, wMilliseconds=0x1ae)) [0271.468] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0271.468] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0271.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0271.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.468] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0271.468] CloseHandle (hObject=0x404) returned 1 [0271.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat]omgp:[M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw]", cchWideChar=126, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 126 [0271.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat]omgp:[M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw]", cchWideChar=126, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 126 [0271.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat]omgp:[M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw]", cchWideChar=126, lpMultiByteStr=0x24aa398, cbMultiByte=126, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat]omgp:[M.BHE>\"p$7{N_=E4Y`=p65>!y\\>Z{!\\5:n`L?zf>\"!m(hFw]]", lpUsedDefaultChar=0x0) returned 126 [0271.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e438, cbMultiByte=344, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 344 [0271.486] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x248e438, cbMultiByte=344, lpWideCharStr=0x39b67cc, cchWideChar=344 | out: lpWideCharStr="5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg==") returned 344 [0271.486] GetCurrentThreadId () returned 0x1130 [0271.486] GetCurrentThreadId () returned 0x1130 [0271.486] GetCurrentThreadId () returned 0x1130 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.486] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.486] SetLastError (dwErrCode=0x0) [0271.486] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320") returned 0x85 [0271.486] GetLastError () returned 0x0 [0271.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.487] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.487] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.487] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].wannacash ncov v310320")) returned 0x20 [0271.487] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [830].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0271.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.487] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x262 [0271.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.488] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e438, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0271.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0271.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e438, cbMultiByte=369, lpWideCharStr=0x39bf51c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3") returned 369 [0271.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 369 [0271.488] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x248e2b8, cbMultiByte=369, lpWideCharStr=0x39bf83c, cchWideChar=369 | out: lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3") returned 369 [0271.488] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x262 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 369 [0271.488] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", cchWideChar=369, lpMultiByteStr=0x248e5b8, cbMultiByte=369, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5v33GGg+F5LqPjzSAyuZ2emsA/QoikuOIzZfBLl6oM0lOG6e0sBt8oczbz7kvXbZMFp9wMLW0znjWLbVG5afkPHYWskk5bcvRPRhk0OycKvcOA9f7e2+h/uZRzfD9FRrNkF69K4VGt4T4ZR1oy9+nhwUoYlMnWIVg8aRJ8QbTUnJlCcjQok2Sgjhg2uelCV8SHnL3urU1dUf8ORZsReZlswuUl0ZD669bw9Hz08k8BvDcO5yw91myE/3GtDn1gzXKVZUMyPuxPkD2JtNpEMdF+MHSZPnu0ZPwKCKBkTEm+UFVZJY2p0GXDWBUH8JwCT1w6Ef2Cpa6ZzKfkZs4shJVg== key:pb3", lpUsedDefaultChar=0x0) returned 369 [0271.488] WriteFile (in: hFile=0x404, lpBuffer=0x248e5b8*, nNumberOfBytesToWrite=0x171, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x248e5b8*, lpNumberOfBytesWritten=0x19fc04*=0x171, lpOverlapped=0x0) returned 1 [0271.489] CloseHandle (hObject=0x404) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.489] SetLastError (dwErrCode=0x0) [0271.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", lpFilePart=0x19fa34*="Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat") returned 0x7b [0271.489] GetLastError () returned 0x0 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=8) returned 1 [0271.489] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat", cchCount2=4) returned 1 [0271.489] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.489] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_availabilityoptions_2_552986138d849b4eab2449c96be58de9.dat")) returned 0 [0271.490] GetLastError () returned 0x2 [0271.490] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_AvailabilityOptions_2_552986138D849B4EAB2449C96BE58DE9.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_availabilityoptions_2_552986138d849b4eab2449c96be58de9.dat")) returned 0xffffffff [0271.490] SetLastError (dwErrCode=0x2) [0271.490] GetLastError () returned 0x2 [0271.490] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0271.490] LocalFree (hMem=0x92fe20) returned 0x0 [0271.490] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0271.492] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0271.492] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_calendar_2_5a35e38a428e384aaa89f0fabc43bc63.dat")) returned 0x20 [0271.492] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36639942419) returned 1 [0271.493] GetCurrentThreadId () returned 0x1130 [0271.493] GetCurrentThreadId () returned 0x1130 [0271.493] GetCurrentThreadId () returned 0x1130 [0271.493] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0271.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0271.494] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxRâ\x84\x96O=4!", lpUsedDefaultChar=0x0) returned 51 [0271.494] GetCurrentThreadId () returned 0x1130 [0271.494] GetCurrentThreadId () returned 0x1130 [0271.494] GetCurrentThreadId () returned 0x1130 [0271.494] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_calendar_2_5a35e38a428e384aaa89f0fabc43bc63.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.494] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] malloc (_Size=0x64) returned 0x1d1338 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.495] GetCurrentThreadId () returned 0x1130 [0271.496] GetCurrentThreadId () returned 0x1130 [0271.496] GetCurrentThreadId () returned 0x1130 [0271.496] GetCurrentThreadId () returned 0x1130 [0271.496] free (_Block=0x1d1338) [0271.496] malloc (_Size=0x60) returned 0x1d1338 [0271.496] free (_Block=0x1d1338) [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x24c [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x24c [0271.496] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.496] ReadFile (in: hFile=0x404, lpBuffer=0x2413fd8, nNumberOfBytesToRead=0x24c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesRead=0x19fbc8*=0x24c, lpOverlapped=0x0) returned 1 [0271.540] malloc (_Size=0x8c) returned 0x1d1338 [0271.541] malloc (_Size=0xfc) returned 0x31d73c0 [0271.541] malloc (_Size=0x40) returned 0x1d14e8 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] malloc (_Size=0xa5c) returned 0x31e40b0 [0271.541] malloc (_Size=0x40) returned 0x1d7470 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.541] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] malloc (_Size=0xc) returned 0x31e1e20 [0271.542] malloc (_Size=0x414) returned 0x31e4b18 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] GetCurrentThreadId () returned 0x1130 [0271.542] free (_Block=0x31e40b0) [0271.542] free (_Block=0x1d14e8) [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] GetCurrentThreadId () returned 0x1130 [0271.543] free (_Block=0x31e4b18) [0271.543] free (_Block=0x31e1e20) [0271.543] free (_Block=0x1d7470) [0271.543] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d0658*, nNumberOfBytesToWrite=0x339, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d0658*, lpNumberOfBytesWritten=0x19fbbc*=0x339, lpOverlapped=0x0) returned 1 [0271.544] free (_Block=0x31d73c0) [0271.544] free (_Block=0x1d1338) [0271.544] CloseHandle (hObject=0x2b4) returned 1 [0271.544] CloseHandle (hObject=0x404) returned 1 [0271.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.544] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.545] SetLastError (dwErrCode=0x0) [0271.545] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", lpFilePart=0x19f9f8*="Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat") returned 0x70 [0271.545] GetLastError () returned 0x0 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.545] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.545] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.545] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_calendar_2_5a35e38a428e384aaa89f0fabc43bc63.dat")) returned 1 [0271.547] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2f, wMilliseconds=0x1fc)) [0271.547] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0271.547] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0271.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0271.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.547] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0271.547] CloseHandle (hObject=0x404) returned 1 [0271.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat]omgp:[#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!]", cchWideChar=117, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 117 [0271.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat]omgp:[#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!]", cchWideChar=117, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 117 [0271.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat]omgp:[#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR№O=4!]", cchWideChar=117, lpMultiByteStr=0x24d5808, cbMultiByte=117, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat]omgp:[#1b6b},WLfJ&*_U}n?oT-8iERsY<|S_c);M+W2nasqxR?O=4!]ÈIV", lpUsedDefaultChar=0x0) returned 117 [0271.560] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0271.560] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc=") returned 172 [0271.560] GetCurrentThreadId () returned 0x1130 [0271.560] GetCurrentThreadId () returned 0x1130 [0271.560] GetCurrentThreadId () returned 0x1130 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.560] SetLastError (dwErrCode=0x0) [0271.560] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320") returned 0x85 [0271.560] GetLastError () returned 0x0 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.560] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.561] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].wannacash ncov v310320")) returned 0x20 [0271.561] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [831].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0271.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x339 [0271.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.561] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.562] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.562] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3") returned 197 [0271.562] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.562] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3") returned 197 [0271.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x339 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.562] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Xno5GY9Szn2d+gaWRJwrQclI3aeWHtxE98c8UXzn9k8IkakyfU0aZB86cAthQHKCqqYp9XjYBcXDimFQOdJJ/w3ENhJ4EyJkux+/jfzUdMJJgUOVx7VTM6tmlRz+osScFWPQ7GzU/WHniUVGV/EDQBg+wjh8QyWTrnh9+42qwQc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.562] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0271.562] CloseHandle (hObject=0x404) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.563] SetLastError (dwErrCode=0x0) [0271.563] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", lpFilePart=0x19fa34*="Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat") returned 0x70 [0271.563] GetLastError () returned 0x0 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=8) returned 1 [0271.563] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat", cchCount2=4) returned 1 [0271.563] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.563] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_calendar_2_5a35e38a428e384aaa89f0fabc43bc63.dat")) returned 0 [0271.563] GetLastError () returned 0x2 [0271.563] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_Calendar_2_5A35E38A428E384AAA89F0FABC43BC63.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_calendar_2_5a35e38a428e384aaa89f0fabc43bc63.dat")) returned 0xffffffff [0271.564] SetLastError (dwErrCode=0x2) [0271.564] GetLastError () returned 0x2 [0271.564] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0271.564] LocalFree (hMem=0x92fe20) returned 0x0 [0271.564] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0271.564] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0271.564] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_5feacddf00cbc74aad4aafff6b598f75.dat")) returned 0x20 [0271.565] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36647132274) returned 1 [0271.565] GetCurrentThreadId () returned 0x1130 [0271.565] GetCurrentThreadId () returned 0x1130 [0271.565] GetCurrentThreadId () returned 0x1130 [0271.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xn&XB$.+jjSWAPYDsgPvF/(m2)S", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0271.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xn&XB$.+jjSWAPYDsgPvF/(m2)S", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0271.565] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xn&XB$.+jjSWAPYDsgPvF/(m2)S", cchWideChar=27, lpMultiByteStr=0x2508f10, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Xn&XB$.+jjSWAPYDsgPvF/(m2)S", lpUsedDefaultChar=0x0) returned 27 [0271.565] GetCurrentThreadId () returned 0x1130 [0271.566] GetCurrentThreadId () returned 0x1130 [0271.566] GetCurrentThreadId () returned 0x1130 [0271.566] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_5feacddf00cbc74aad4aafff6b598f75.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.566] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0271.566] GetCurrentThreadId () returned 0x1130 [0271.566] GetCurrentThreadId () returned 0x1130 [0271.566] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] malloc (_Size=0x64) returned 0x1d1338 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] GetCurrentThreadId () returned 0x1130 [0271.567] free (_Block=0x1d1338) [0271.567] malloc (_Size=0x60) returned 0x1d1338 [0271.568] free (_Block=0x1d1338) [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xcf [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xcf [0271.568] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0271.568] ReadFile (in: hFile=0x404, lpBuffer=0x246d078, nNumberOfBytesToRead=0xcf, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesRead=0x19fbc8*=0xcf, lpOverlapped=0x0) returned 1 [0271.569] malloc (_Size=0x8c) returned 0x1d1338 [0271.569] malloc (_Size=0xfc) returned 0x31d71b0 [0271.570] malloc (_Size=0x40) returned 0x1d14e8 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] malloc (_Size=0xa5c) returned 0x31e40b0 [0271.570] malloc (_Size=0x40) returned 0x1d7470 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.570] GetCurrentThreadId () returned 0x1130 [0271.572] malloc (_Size=0xc) returned 0x31e1e38 [0271.572] malloc (_Size=0x15c) returned 0x1d74b8 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.572] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] free (_Block=0x31e40b0) [0271.573] free (_Block=0x1d14e8) [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] GetCurrentThreadId () returned 0x1130 [0271.573] free (_Block=0x1d74b8) [0271.573] free (_Block=0x31e1e38) [0271.574] free (_Block=0x1d7470) [0271.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x24c3208*, nNumberOfBytesToWrite=0x131, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24c3208*, lpNumberOfBytesWritten=0x19fbbc*=0x131, lpOverlapped=0x0) returned 1 [0271.575] free (_Block=0x31d71b0) [0271.575] free (_Block=0x1d1338) [0271.575] CloseHandle (hObject=0x2b4) returned 1 [0271.575] CloseHandle (hObject=0x404) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.576] SetLastError (dwErrCode=0x0) [0271.576] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", lpFilePart=0x19f9f8*="Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat") returned 0x74 [0271.576] GetLastError () returned 0x0 [0271.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.576] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.576] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_5feacddf00cbc74aad4aafff6b598f75.dat")) returned 1 [0271.578] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x2f, wMilliseconds=0x21d)) [0271.578] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0271.578] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0271.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0271.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0271.578] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0271.578] CloseHandle (hObject=0x404) returned 1 [0271.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat]omgp:[Xn&XB$.+jjSWAPYDsgPvF/(m2)S]", cchWideChar=99, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 99 [0271.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat]omgp:[Xn&XB$.+jjSWAPYDsgPvF/(m2)S]", cchWideChar=99, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 99 [0271.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat]omgp:[Xn&XB$.+jjSWAPYDsgPvF/(m2)S]", cchWideChar=99, lpMultiByteStr=0x2420418, cbMultiByte=99, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat]omgp:[Xn&XB$.+jjSWAPYDsgPvF/(m2)S]", lpUsedDefaultChar=0x0) returned 99 [0271.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0271.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM=") returned 172 [0271.635] GetCurrentThreadId () returned 0x1130 [0271.635] GetCurrentThreadId () returned 0x1130 [0271.635] GetCurrentThreadId () returned 0x1130 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.636] SetLastError (dwErrCode=0x0) [0271.636] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320") returned 0x85 [0271.636] GetLastError () returned 0x0 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0271.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0271.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].wannacash ncov v310320")) returned 0x20 [0271.637] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [832].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0271.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0271.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x131 [0271.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0271.637] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0271.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3") returned 197 [0271.638] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0271.638] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3") returned 197 [0271.638] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x131 [0271.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0271.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:CB7PQEcYUgMvOAL/t/PyCEmbFsOEW9mCJFkRR5MwthJeSwKKUtBniI6220raiM0xXNRnOEgbYdzVBbBUZKwYCMt7/ggLrzGk8iSFNkhxItA156L931xgjkQwVeD3/dYV4Jz1n971QUjTgkTqDQY79mDrT4XcQBP9vTTG7RwZGRM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0271.638] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0271.639] CloseHandle (hObject=0x404) returned 1 [0271.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.640] SetLastError (dwErrCode=0x0) [0271.640] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", lpFilePart=0x19fa34*="Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat") returned 0x74 [0271.640] GetLastError () returned 0x0 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=8) returned 1 [0271.640] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat", cchCount2=4) returned 1 [0271.640] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache")) returned 0x10 [0271.640] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_5feacddf00cbc74aad4aafff6b598f75.dat")) returned 0 [0271.640] GetLastError () returned 0x2 [0271.640] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_5FEACDDF00CBC74AAD4AAFFF6B598F75.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_5feacddf00cbc74aad4aafff6b598f75.dat")) returned 0xffffffff [0271.640] SetLastError (dwErrCode=0x2) [0271.641] GetLastError () returned 0x2 [0271.641] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0271.641] LocalFree (hMem=0x92fe20) returned 0x0 [0271.641] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0271.641] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0271.641] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ConversationPrefs_2_A2BF86C562EDA944ABA29857A9A5D252.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_conversationprefs_2_a2bf86c562eda944aba29857a9a5d252.dat")) returned 0x20 [0271.641] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36654765214) returned 1 [0271.642] GetCurrentThreadId () returned 0x1130 [0271.642] GetCurrentThreadId () returned 0x1130 [0271.642] GetCurrentThreadId () returned 0x1130 [0271.642] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=")@7\\=lo!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9A!i(c^8S6cXnj9Az", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0273.605] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\`kfM_Xwj89i4q\\K&z", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0273.605] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\\`kfM_Xwj89i4q\\K&z", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\\`kfM_Xwj89i4q\\K&z", lpUsedDefaultChar=0x0) returned 49 [0273.605] GetCurrentThreadId () returned 0x1130 [0273.605] GetCurrentThreadId () returned 0x1130 [0273.605] GetCurrentThreadId () returned 0x1130 [0273.605] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.606] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] GetCurrentThreadId () returned 0x1130 [0273.608] malloc (_Size=0x64) returned 0x1d1338 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] GetCurrentThreadId () returned 0x1130 [0273.609] free (_Block=0x1d1338) [0273.609] malloc (_Size=0x60) returned 0x1d1338 [0273.609] free (_Block=0x1d1338) [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.609] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0273.609] malloc (_Size=0x8c) returned 0x1d1338 [0273.609] malloc (_Size=0xfc) returned 0x31d79f0 [0273.609] malloc (_Size=0x40) returned 0x1d14e8 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] malloc (_Size=0xa5c) returned 0x1d9aa8 [0273.610] malloc (_Size=0x40) returned 0x1d7470 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] malloc (_Size=0xc) returned 0x31e1dc0 [0273.610] malloc (_Size=0x40) returned 0x1d74b8 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.610] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] GetCurrentThreadId () returned 0x1130 [0273.611] free (_Block=0x1d9aa8) [0273.612] free (_Block=0x1d14e8) [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.612] GetCurrentThreadId () returned 0x1130 [0273.613] free (_Block=0x1d74b8) [0273.613] free (_Block=0x31e1dc0) [0273.613] free (_Block=0x1d7470) [0273.613] WriteFile (in: hFile=0x2b4, lpBuffer=0x2533798*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2533798*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0273.614] free (_Block=0x31d79f0) [0273.614] free (_Block=0x1d1338) [0273.614] CloseHandle (hObject=0x2b4) returned 1 [0273.614] CloseHandle (hObject=0x404) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.614] SetLastError (dwErrCode=0x0) [0273.614] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x68 [0273.614] GetLastError () returned 0x0 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.614] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.614] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua")) returned 0x2016 [0273.614] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\container.dat")) returned 1 [0273.615] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x31, wMilliseconds=0x240)) [0273.615] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0273.615] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.615] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0273.615] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.615] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0273.615] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.615] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0273.615] CloseHandle (hObject=0x404) returned 1 [0273.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\\`kfM_Xwj89i4q\\K&z]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0273.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\\`kfM_Xwj89i4q\\K&z]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0273.616] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\\`kfM_Xwj89i4q\\K&z]", cchWideChar=76, lpMultiByteStr=0x252c708, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[\\`kfM_Xwj89i4q\\K&z]±ÇR\x02\x01", lpUsedDefaultChar=0x0) returned 76 [0273.670] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0273.670] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI=") returned 172 [0273.670] GetCurrentThreadId () returned 0x1130 [0273.671] GetCurrentThreadId () returned 0x1130 [0273.671] GetCurrentThreadId () returned 0x1130 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.671] SetLastError (dwErrCode=0x0) [0273.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320") returned 0xa6 [0273.671] GetLastError () returned 0x0 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.671] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua")) returned 0x2016 [0273.672] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].wannacash ncov v310320")) returned 0x2020 [0273.672] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\Файл зашифрован. Пиши. Почта clubnika@elude.in [867].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0273.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0273.672] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.672] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0273.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.672] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.672] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3") returned 197 [0273.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.672] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3") returned 197 [0273.673] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0273.673] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.673] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.673] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5EcR3FhDlfOFfljaB21spxkynhCP14I1eHetBH2pcpgfMbjrq7fKDFLJmvF1rixXjnc4U48zVug6IiPPhEvhWgVJSv+rggMmNzrIqmvK62IUoX8v3kLksWOtiNVswj/zeg3IZBfmTPMLwgZg/co5/iB8cFatXxmqXXY4RCsTFnI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.673] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0273.673] CloseHandle (hObject=0x404) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.673] SetLastError (dwErrCode=0x0) [0273.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x68 [0273.673] GetLastError () returned 0x0 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=8) returned 1 [0273.674] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat", cchCount2=4) returned 1 [0273.674] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua")) returned 0x2016 [0273.674] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\container.dat")) returned 0 [0273.674] GetLastError () returned 0x2 [0273.674] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompatua\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompatua\\container.dat")) returned 0xffffffff [0273.674] SetLastError (dwErrCode=0x2) [0273.674] GetLastError () returned 0x2 [0273.674] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0273.674] LocalFree (hMem=0x92fe20) returned 0x0 [0273.674] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0273.674] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0273.674] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\container.dat")) returned 0x2026 [0273.675] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36858087918) returned 1 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0273.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0273.675] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="8U\\mQ>kkKErdIlrUqâ\x84\x96KB?6%â\x84\x96F)NlT$$;kq/zKrE", lpUsedDefaultChar=0x0) returned 43 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] GetCurrentThreadId () returned 0x1130 [0273.675] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.675] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] malloc (_Size=0x64) returned 0x1d1338 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] GetCurrentThreadId () returned 0x1130 [0273.678] free (_Block=0x1d1338) [0273.678] malloc (_Size=0x60) returned 0x1d1338 [0273.678] free (_Block=0x1d1338) [0273.678] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.679] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0273.679] malloc (_Size=0x8c) returned 0x1d1338 [0273.679] malloc (_Size=0xfc) returned 0x31d77e0 [0273.679] malloc (_Size=0x40) returned 0x1d14e8 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] GetCurrentThreadId () returned 0x1130 [0273.679] malloc (_Size=0xa5c) returned 0x1d9aa8 [0273.680] malloc (_Size=0x40) returned 0x1d7470 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] malloc (_Size=0xc) returned 0x31e1d18 [0273.680] malloc (_Size=0x40) returned 0x1d74b8 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.680] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] free (_Block=0x1d9aa8) [0273.681] free (_Block=0x1d14e8) [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] GetCurrentThreadId () returned 0x1130 [0273.681] free (_Block=0x1d74b8) [0273.681] free (_Block=0x31e1d18) [0273.681] free (_Block=0x1d7470) [0273.681] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0273.682] free (_Block=0x31d77e0) [0273.682] free (_Block=0x1d1338) [0273.682] CloseHandle (hObject=0x2b4) returned 1 [0273.682] CloseHandle (hObject=0x404) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.683] SetLastError (dwErrCode=0x0) [0273.683] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x69 [0273.683] GetLastError () returned 0x0 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.683] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.683] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead")) returned 0x2016 [0273.685] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\container.dat")) returned 1 [0273.686] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x31, wMilliseconds=0x28e)) [0273.686] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0273.686] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0273.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0273.686] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.687] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0273.687] CloseHandle (hObject=0x404) returned 1 [0273.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0273.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0273.688] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[8U\\mQ>kkKErdIlrUq№KB?6%№F)NlT$$;kq/zKrE]", cchWideChar=66, lpMultiByteStr=0x2541d78, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[8U\\mQ>kkKErdIlrUq?KB?6%?F)NlT$$;kq/zKrE]", lpUsedDefaultChar=0x0) returned 66 [0273.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0273.694] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs=") returned 172 [0273.694] GetCurrentThreadId () returned 0x1130 [0273.694] GetCurrentThreadId () returned 0x1130 [0273.694] GetCurrentThreadId () returned 0x1130 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.694] SetLastError (dwErrCode=0x0) [0273.695] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320") returned 0xa7 [0273.695] GetLastError () returned 0x0 [0273.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.695] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.695] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead")) returned 0x2016 [0273.695] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].wannacash ncov v310320")) returned 0x2020 [0273.695] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\Файл зашифрован. Пиши. Почта clubnika@elude.in [868].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.695] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0273.695] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.695] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0273.695] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.695] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3") returned 197 [0273.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.696] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3") returned 197 [0273.696] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.696] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:lM2Lzt19KvmK8KQ+f+SU8SRYMNxNpiGfpAJ2PVdwxFgbvFbbmSyefk6tf97/0dTugYaVINpTuMD+LT6UXazU8OH+sUqZlumIpMyVlnnE4glpKKv0+Bjx+FiQSZ7fO3w/MJoIR0/4NxfWSj9sVGTST2RmSbrN5b0m5XaBf9kXcEs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.696] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0273.696] CloseHandle (hObject=0x404) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.696] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.696] SetLastError (dwErrCode=0x0) [0273.697] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x69 [0273.697] GetLastError () returned 0x0 [0273.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=8) returned 1 [0273.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat", cchCount2=4) returned 1 [0273.697] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead")) returned 0x2016 [0273.697] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\container.dat")) returned 0 [0273.697] GetLastError () returned 0x2 [0273.697] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_ieflipahead\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\microsoftedge\\sharedcachecontainers\\microsoftedge_ieflipahead\\container.dat")) returned 0xffffffff [0273.697] SetLastError (dwErrCode=0x2) [0273.697] GetLastError () returned 0x2 [0273.697] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0273.697] LocalFree (hMem=0x92fe20) returned 0x0 [0273.697] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0273.697] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0273.698] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0273.698] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36860455026) returned 1 [0273.698] GetCurrentThreadId () returned 0x1130 [0273.698] GetCurrentThreadId () returned 0x1130 [0273.699] GetCurrentThreadId () returned 0x1130 [0273.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0273.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0273.699] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G", lpUsedDefaultChar=0x0) returned 32 [0273.699] GetCurrentThreadId () returned 0x1130 [0273.699] GetCurrentThreadId () returned 0x1130 [0273.699] GetCurrentThreadId () returned 0x1130 [0273.699] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.700] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] malloc (_Size=0x64) returned 0x1d1338 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.702] GetCurrentThreadId () returned 0x1130 [0273.703] GetCurrentThreadId () returned 0x1130 [0273.703] GetCurrentThreadId () returned 0x1130 [0273.703] GetCurrentThreadId () returned 0x1130 [0273.703] GetCurrentThreadId () returned 0x1130 [0273.703] free (_Block=0x1d1338) [0273.703] malloc (_Size=0x60) returned 0x1d1338 [0273.703] free (_Block=0x1d1338) [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.703] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.703] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0273.747] malloc (_Size=0x8c) returned 0x1d1338 [0273.748] malloc (_Size=0xfc) returned 0x31d7c00 [0273.748] malloc (_Size=0x40) returned 0x1d14e8 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] malloc (_Size=0xa5c) returned 0x1d9aa8 [0273.748] malloc (_Size=0x40) returned 0x1d7470 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.748] GetCurrentThreadId () returned 0x1130 [0273.749] GetCurrentThreadId () returned 0x1130 [0273.749] GetCurrentThreadId () returned 0x1130 [0273.749] GetCurrentThreadId () returned 0x1130 [0273.749] GetCurrentThreadId () returned 0x1130 [0273.749] GetCurrentThreadId () returned 0x1130 [0273.749] malloc (_Size=0xc) returned 0x31e1e20 [0273.749] malloc (_Size=0x720) returned 0x31d2860 [0273.749] malloc (_Size=0xe3c) returned 0x1da510 [0273.749] free (_Block=0x31d2860) [0273.749] malloc (_Size=0x15ac) returned 0x1db358 [0273.749] free (_Block=0x1da510) [0273.749] malloc (_Size=0x23e4) returned 0x1dc910 [0273.749] free (_Block=0x1db358) [0273.750] malloc (_Size=0x3274) returned 0x31e40b0 [0273.750] free (_Block=0x1dc910) [0273.750] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] free (_Block=0x1d9aa8) [0273.751] free (_Block=0x1d14e8) [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.751] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] GetCurrentThreadId () returned 0x1130 [0273.752] free (_Block=0x31e40b0) [0273.752] free (_Block=0x31e1e20) [0273.752] free (_Block=0x1d7470) [0273.752] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0273.754] free (_Block=0x31d7c00) [0273.754] free (_Block=0x1d1338) [0273.754] CloseHandle (hObject=0x2b4) returned 1 [0273.754] CloseHandle (hObject=0x404) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.754] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.754] SetLastError (dwErrCode=0x0) [0273.754] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x6f [0273.755] GetLastError () returned 0x0 [0273.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.755] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.755] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings")) returned 0x10 [0273.755] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\settings.dat")) returned 1 [0273.757] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x31, wMilliseconds=0x2cc)) [0273.757] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0273.757] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0273.758] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.758] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0273.758] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.758] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0273.758] CloseHandle (hObject=0x404) returned 1 [0273.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0273.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0273.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G]", cchWideChar=58, lpMultiByteStr=0x2516b18, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[P+UO(KnA|3d1A-RHXe@#53?i$j:_+l>G]", lpUsedDefaultChar=0x0) returned 58 [0273.768] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0273.768] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY=") returned 172 [0273.768] GetCurrentThreadId () returned 0x1130 [0273.768] GetCurrentThreadId () returned 0x1130 [0273.768] GetCurrentThreadId () returned 0x1130 [0273.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.769] SetLastError (dwErrCode=0x0) [0273.769] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320") returned 0xae [0273.769] GetLastError () returned 0x0 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.769] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings")) returned 0x10 [0273.769] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].wannacash ncov v310320")) returned 0x20 [0273.769] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [869].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.769] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0273.770] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.770] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0273.770] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.770] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.770] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.770] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3") returned 197 [0273.770] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.770] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3") returned 197 [0273.770] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.770] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YZ+apKD6jEJQtbCIeedXr3sMlLh1/XDhdCpPXYmKGXWK6QSwq9fMuuN78EkoV83EerEDxXqdPlENuAo+2CBcDIC7S1++hJEe/KpVHNdHgQMOiS0IuRjB0w3u4gqwid+zUiEB5RgNogSXZSEaK6Hk7mL5qsRidC+HSeYiD0TmEmY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.771] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0273.771] CloseHandle (hObject=0x404) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.771] SetLastError (dwErrCode=0x0) [0273.771] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x6f [0273.771] GetLastError () returned 0x0 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.771] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.771] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings")) returned 0x10 [0273.772] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\settings.dat")) returned 0 [0273.772] GetLastError () returned 0x2 [0273.772] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\1527c705-839a-4832-9118-54d4bd6a0c89_cw5n1h2txyewy\\settings\\settings.dat")) returned 0xffffffff [0273.772] SetLastError (dwErrCode=0x2) [0273.772] GetLastError () returned 0x2 [0273.772] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0273.772] LocalFree (hMem=0x92fe20) returned 0x0 [0273.772] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0273.772] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0273.772] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\settings.dat")) returned 0x20 [0273.774] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36868042352) returned 1 [0273.774] GetCurrentThreadId () returned 0x1130 [0273.774] GetCurrentThreadId () returned 0x1130 [0273.774] GetCurrentThreadId () returned 0x1130 [0273.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vjW)`|2``p$z@oh`|:kO~l)№1DQ*(", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0273.774] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vjW)`|2``p$z@oh`|:kO~l)№1DQ*(", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0273.775] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="vjW)`|2``p$z@oh`|:kO~l)№1DQ*(", cchWideChar=29, lpMultiByteStr=0x250f7e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vjW)`|2``p$z@oh`|:kO~l)â\x84\x961DQ*(", lpUsedDefaultChar=0x0) returned 31 [0273.775] GetCurrentThreadId () returned 0x1130 [0273.775] GetCurrentThreadId () returned 0x1130 [0273.775] GetCurrentThreadId () returned 0x1130 [0273.775] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.775] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.776] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] malloc (_Size=0x64) returned 0x1d1338 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.777] GetCurrentThreadId () returned 0x1130 [0273.778] GetCurrentThreadId () returned 0x1130 [0273.778] free (_Block=0x1d1338) [0273.778] malloc (_Size=0x60) returned 0x1d1338 [0273.778] free (_Block=0x1d1338) [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.778] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.778] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0273.825] malloc (_Size=0x8c) returned 0x1d1338 [0273.825] malloc (_Size=0xfc) returned 0x31d78e8 [0273.825] malloc (_Size=0x40) returned 0x1d14e8 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.825] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] malloc (_Size=0xa5c) returned 0x1d9aa8 [0273.826] malloc (_Size=0x40) returned 0x1d7470 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] GetCurrentThreadId () returned 0x1130 [0273.826] malloc (_Size=0xc) returned 0x31e1ca0 [0273.826] malloc (_Size=0x720) returned 0x31d2860 [0273.826] malloc (_Size=0xe3c) returned 0x1da510 [0273.826] free (_Block=0x31d2860) [0273.827] malloc (_Size=0x15ac) returned 0x1db358 [0273.827] free (_Block=0x1da510) [0273.827] malloc (_Size=0x23e4) returned 0x1dc910 [0273.827] free (_Block=0x1db358) [0273.827] malloc (_Size=0x3274) returned 0x31e40b0 [0273.827] free (_Block=0x1dc910) [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.827] GetCurrentThreadId () returned 0x1130 [0273.828] GetCurrentThreadId () returned 0x1130 [0273.828] free (_Block=0x1d9aa8) [0273.828] free (_Block=0x1d14e8) [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] GetCurrentThreadId () returned 0x1130 [0273.829] free (_Block=0x31e40b0) [0273.830] free (_Block=0x31e1ca0) [0273.830] free (_Block=0x1d7470) [0273.830] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0273.832] free (_Block=0x31d78e8) [0273.832] free (_Block=0x1d1338) [0273.832] CloseHandle (hObject=0x2b4) returned 1 [0273.832] CloseHandle (hObject=0x404) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.832] SetLastError (dwErrCode=0x0) [0273.832] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x5b [0273.832] GetLastError () returned 0x0 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.832] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.833] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.833] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings")) returned 0x10 [0273.833] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\settings.dat")) returned 1 [0273.834] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x31, wMilliseconds=0x31a)) [0273.835] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0273.835] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0273.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0273.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.835] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0273.835] CloseHandle (hObject=0x404) returned 1 [0273.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[vjW)`|2``p$z@oh`|:kO~l)№1DQ*(]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0273.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[vjW)`|2``p$z@oh`|:kO~l)№1DQ*(]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0273.835] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[vjW)`|2``p$z@oh`|:kO~l)№1DQ*(]", cchWideChar=55, lpMultiByteStr=0x2516968, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[vjW)`|2``p$z@oh`|:kO~l)?1DQ*(]", lpUsedDefaultChar=0x0) returned 55 [0273.842] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0273.842] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg=") returned 172 [0273.842] GetCurrentThreadId () returned 0x1130 [0273.842] GetCurrentThreadId () returned 0x1130 [0273.842] GetCurrentThreadId () returned 0x1130 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.842] SetLastError (dwErrCode=0x0) [0273.842] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320") returned 0x9a [0273.842] GetLastError () returned 0x0 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.842] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.842] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings")) returned 0x10 [0273.842] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].wannacash ncov v310320")) returned 0x20 [0273.842] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [870].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.843] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0273.843] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.843] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0273.843] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.843] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.843] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.843] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3") returned 197 [0273.843] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.843] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3") returned 197 [0273.843] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.843] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UM4dHbvasBkD37uZIXY5u1dQnRz3VYZ0oGlhGPPro/s7Xe4lHQnhugKF0YpabAzpRQC2E/VmgD61ZL+S2+xEUeq/sjECRJylws+xwvFhtbMJh01zgmp1PtY0P0HI4np0757qgTyrYoSWZ9QsmikKc+zt7Wnns5mBGZRiiQR4Gmg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.843] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0273.844] CloseHandle (hObject=0x404) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.844] SetLastError (dwErrCode=0x0) [0273.844] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x5b [0273.844] GetLastError () returned 0x0 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.844] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.844] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings")) returned 0x10 [0273.844] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\settings.dat")) returned 0 [0273.844] GetLastError () returned 0x2 [0273.844] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\9E2F88E3.Twitter_wgeqdkkx372wm\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\9e2f88e3.twitter_wgeqdkkx372wm\\settings\\settings.dat")) returned 0xffffffff [0273.844] SetLastError (dwErrCode=0x2) [0273.844] GetLastError () returned 0x2 [0273.844] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0273.845] LocalFree (hMem=0x92fe20) returned 0x0 [0273.845] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0273.845] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0273.845] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0273.845] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36875146034) returned 1 [0273.845] GetCurrentThreadId () returned 0x1130 [0273.845] GetCurrentThreadId () returned 0x1130 [0273.845] GetCurrentThreadId () returned 0x1130 [0273.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0273.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0273.846] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hGqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0273.846] GetCurrentThreadId () returned 0x1130 [0273.846] GetCurrentThreadId () returned 0x1130 [0273.846] GetCurrentThreadId () returned 0x1130 [0273.846] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.846] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0273.848] GetCurrentThreadId () returned 0x1130 [0273.848] GetCurrentThreadId () returned 0x1130 [0273.848] GetCurrentThreadId () returned 0x1130 [0273.848] GetCurrentThreadId () returned 0x1130 [0273.848] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] malloc (_Size=0x64) returned 0x1d1338 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] GetCurrentThreadId () returned 0x1130 [0273.849] free (_Block=0x1d1338) [0273.849] malloc (_Size=0x60) returned 0x1d1338 [0273.849] free (_Block=0x1d1338) [0273.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0273.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0273.850] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0273.851] malloc (_Size=0x8c) returned 0x1d1338 [0273.851] malloc (_Size=0xfc) returned 0x31d72b8 [0273.851] malloc (_Size=0x40) returned 0x1d14e8 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.851] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] malloc (_Size=0xa5c) returned 0x1d9aa8 [0273.852] malloc (_Size=0x40) returned 0x1d7470 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] GetCurrentThreadId () returned 0x1130 [0273.852] malloc (_Size=0xc) returned 0x31e1ca0 [0273.852] malloc (_Size=0x720) returned 0x31d2860 [0273.853] malloc (_Size=0xe3c) returned 0x1da510 [0273.853] free (_Block=0x31d2860) [0273.853] malloc (_Size=0x15ac) returned 0x1db358 [0273.853] free (_Block=0x1da510) [0273.853] malloc (_Size=0x23e4) returned 0x1dc910 [0273.853] free (_Block=0x1db358) [0273.853] malloc (_Size=0x3274) returned 0x31e40b0 [0273.854] free (_Block=0x1dc910) [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] free (_Block=0x1d9aa8) [0273.854] free (_Block=0x1d14e8) [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.854] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] GetCurrentThreadId () returned 0x1130 [0273.855] free (_Block=0x31e40b0) [0273.856] free (_Block=0x31e1ca0) [0273.856] free (_Block=0x1d7470) [0273.856] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0273.857] free (_Block=0x31d72b8) [0273.857] free (_Block=0x1d1338) [0273.857] CloseHandle (hObject=0x2b4) returned 1 [0273.857] CloseHandle (hObject=0x404) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.857] SetLastError (dwErrCode=0x0) [0273.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x6f [0273.858] GetLastError () returned 0x0 [0273.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.858] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.858] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings")) returned 0x10 [0273.858] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\settings.dat")) returned 1 [0273.859] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x31, wMilliseconds=0x33a)) [0273.859] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0273.860] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0273.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0273.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0273.860] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0273.860] CloseHandle (hObject=0x404) returned 1 [0273.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0273.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0273.860] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG]", cchWideChar=70, lpMultiByteStr=0x252c708, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[@I@\\D~{x_q*`i!j.=R*MD.sC1L/r}l-$\\}3},b;P:,hG]", lpUsedDefaultChar=0x0) returned 70 [0273.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0273.867] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4=") returned 172 [0273.867] GetCurrentThreadId () returned 0x1130 [0273.868] GetCurrentThreadId () returned 0x1130 [0273.868] GetCurrentThreadId () returned 0x1130 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.868] SetLastError (dwErrCode=0x0) [0273.868] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320") returned 0xae [0273.868] GetLastError () returned 0x0 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0273.868] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0273.868] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings")) returned 0x10 [0273.868] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].wannacash ncov v310320")) returned 0x20 [0273.869] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [871].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0273.869] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0273.869] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.869] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0273.869] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0273.869] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0273.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.869] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.869] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.870] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.870] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3") returned 197 [0273.870] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0273.870] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3") returned 197 [0273.870] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0273.870] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.870] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0273.870] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:sbo1GvY6fOfvaLUdPJR38PIHcEADGDxoZ+O7ZLEQtFWZ/KuikbBSbeCsKD+WVW3th3CfLpGE1R5rq2LlbDUUZXw9AOMgXuX1aO80lSFgH28PaFnD/JJooieec95jPMJZlxrqfzuBwrP800/Ig30fBV2E0z3Qrqd4FJpG1uEi0T4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0273.870] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0273.870] CloseHandle (hObject=0x404) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.870] SetLastError (dwErrCode=0x0) [0273.870] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x6f [0273.870] GetLastError () returned 0x0 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0273.870] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0273.871] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings")) returned 0x10 [0273.905] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\settings.dat")) returned 0 [0273.905] GetLastError () returned 0x2 [0273.905] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\\settings\\settings.dat")) returned 0xffffffff [0273.905] SetLastError (dwErrCode=0x2) [0273.905] GetLastError () returned 0x2 [0273.905] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0273.905] LocalFree (hMem=0x92fe20) returned 0x0 [0273.905] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0273.906] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0273.906] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\CortanaListenUIApp_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\cortanalistenuiapp_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0273.906] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=36881258948) returned 1 [0273.907] GetCurrentThreadId () returned 0x1130 [0273.907] GetCurrentThreadId () returned 0x1130 [0273.907] GetCurrentThreadId () returned 0x1130 [0273.907] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1#&vi6SV!h96.G\")W^snu-v>Y=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/FrwhY=WLYhOGc>/Frwh.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k.sGD>(k}k.&5\";o+`Q4\\g>!k;pDDqJ", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0275.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w5O5.DF__/BH/dm/|isE;pDDqJ", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0275.324] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="w5O5.DF__/BH/dm/|isE;pDDqJ", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="w5O5.DF__/BH/dm/|isE;pDDqJ", lpUsedDefaultChar=0x0) returned 47 [0275.324] GetCurrentThreadId () returned 0x1130 [0275.324] GetCurrentThreadId () returned 0x1130 [0275.324] GetCurrentThreadId () returned 0x1130 [0275.325] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\shared.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0275.325] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] GetCurrentThreadId () returned 0x1130 [0275.326] malloc (_Size=0x64) returned 0x1d1338 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] GetCurrentThreadId () returned 0x1130 [0275.327] free (_Block=0x1d1338) [0275.327] malloc (_Size=0x60) returned 0x1d1338 [0275.327] free (_Block=0x1d1338) [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8c4 [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8c4 [0275.327] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0275.328] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x8c4, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x8c4, lpOverlapped=0x0) returned 1 [0275.330] malloc (_Size=0x8c) returned 0x1d1338 [0275.330] malloc (_Size=0xfc) returned 0x31d7f18 [0275.330] malloc (_Size=0x40) returned 0x1d14e8 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] GetCurrentThreadId () returned 0x1130 [0275.330] malloc (_Size=0xa5c) returned 0x1d9aa8 [0275.331] malloc (_Size=0x40) returned 0x1d7470 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] malloc (_Size=0xc) returned 0x31e1ee0 [0275.331] malloc (_Size=0x720) returned 0x31d2860 [0275.331] malloc (_Size=0xe3c) returned 0x1da510 [0275.331] free (_Block=0x31d2860) [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.331] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] free (_Block=0x1d9aa8) [0275.332] free (_Block=0x1d14e8) [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.332] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] GetCurrentThreadId () returned 0x1130 [0275.333] free (_Block=0x1da510) [0275.333] free (_Block=0x31e1ee0) [0275.333] free (_Block=0x1d7470) [0275.333] WriteFile (in: hFile=0x2b4, lpBuffer=0x24362d8*, nNumberOfBytesToWrite=0xc08, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x24362d8*, lpNumberOfBytesWritten=0x19fbbc*=0xc08, lpOverlapped=0x0) returned 1 [0275.334] free (_Block=0x31d7f18) [0275.334] free (_Block=0x1d1338) [0275.334] CloseHandle (hObject=0x2b4) returned 1 [0275.335] CloseHandle (hObject=0x404) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.335] SetLastError (dwErrCode=0x0) [0275.335] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", lpFilePart=0x19f9f8*="shared.xml") returned 0x5e [0275.335] GetLastError () returned 0x0 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.335] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.335] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate")) returned 0x10 [0275.336] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\shared.xml")) returned 1 [0275.352] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x33, wMilliseconds=0x136)) [0275.352] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0275.353] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0275.353] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0275.353] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0275.353] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0275.353] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0275.353] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0275.353] CloseHandle (hObject=0x404) returned 1 [0275.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[shared.xml]omgp:[w5O5.DF__/BH/dm/|isE;pDDqJ]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0275.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[shared.xml]omgp:[w5O5.DF__/BH/dm/|isE;pDDqJ]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0275.353] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[shared.xml]omgp:[w5O5.DF__/BH/dm/|isE;pDDqJ]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[shared.xml]omgp:[w5O5.DF__/BH/dm/|isE;pDDqJ]", lpUsedDefaultChar=0x0) returned 69 [0275.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0275.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ=") returned 172 [0275.443] GetCurrentThreadId () returned 0x1130 [0275.443] GetCurrentThreadId () returned 0x1130 [0275.443] GetCurrentThreadId () returned 0x1130 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0275.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0275.443] SetLastError (dwErrCode=0x0) [0275.444] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320") returned 0x9f [0275.444] GetLastError () returned 0x0 [0275.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0275.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0275.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0275.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0275.444] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate")) returned 0x10 [0275.444] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].wannacash ncov v310320")) returned 0x20 [0275.444] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [897].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0275.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0275.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0275.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc08 [0275.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0275.445] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0275.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0275.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0275.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3") returned 197 [0275.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0275.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3") returned 197 [0275.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc08 [0275.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0275.446] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PqaDAewU3xxcX4uNmhgmB4E60fvmHMiMm6Ku9WKLwVq4bc1GxlNV2vkYKENnVdvqnU3igTZYaxVzMEkdDTMZ6JWVql7+Zdj2JwqjF1Pw5XTrkoSjcHgsrDqTz8GPCVEBQc+cVieZ/1ksKKWOVgRxYGdYY+SzvawGbQXsQ50aoBQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0275.446] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0275.454] CloseHandle (hObject=0x404) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.455] SetLastError (dwErrCode=0x0) [0275.455] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", lpFilePart=0x19fa34*="shared.xml") returned 0x5e [0275.455] GetLastError () returned 0x0 [0275.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=8) returned 1 [0275.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml", cchCount2=4) returned 1 [0275.455] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate")) returned 0x10 [0275.455] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\shared.xml")) returned 0 [0275.455] GetLastError () returned 0x2 [0275.455] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\LocalState\\shared.xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\localstate\\shared.xml")) returned 0xffffffff [0275.455] SetLastError (dwErrCode=0x2) [0275.455] GetLastError () returned 0x2 [0275.455] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0275.455] LocalFree (hMem=0x92fe20) returned 0x0 [0275.455] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0275.456] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0275.456] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Messaging_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.messaging_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0275.457] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37036344030) returned 1 [0275.457] GetCurrentThreadId () returned 0x1130 [0275.457] GetCurrentThreadId () returned 0x1130 [0275.457] GetCurrentThreadId () returned 0x1130 [0275.457] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="M#j=$xm{`zp;%oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0277.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0277.030] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6", lpUsedDefaultChar=0x0) returned 42 [0277.030] GetCurrentThreadId () returned 0x1130 [0277.030] GetCurrentThreadId () returned 0x1130 [0277.030] GetCurrentThreadId () returned 0x1130 [0277.030] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.030] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] malloc (_Size=0x64) returned 0x1d1338 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] GetCurrentThreadId () returned 0x1130 [0277.031] free (_Block=0x1d1338) [0277.032] malloc (_Size=0x60) returned 0x1d1338 [0277.032] free (_Block=0x1d1338) [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.032] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0277.032] malloc (_Size=0x8c) returned 0x1d1338 [0277.032] malloc (_Size=0xfc) returned 0x31d78e8 [0277.032] malloc (_Size=0x40) returned 0x1d14e8 [0277.032] GetCurrentThreadId () returned 0x1130 [0277.032] GetCurrentThreadId () returned 0x1130 [0277.032] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.033] malloc (_Size=0x40) returned 0x1d7470 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] GetCurrentThreadId () returned 0x1130 [0277.033] malloc (_Size=0xc) returned 0x31e1d18 [0277.034] malloc (_Size=0x40) returned 0x1d74b8 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] free (_Block=0x1d9aa8) [0277.034] free (_Block=0x1d14e8) [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.034] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] GetCurrentThreadId () returned 0x1130 [0277.035] free (_Block=0x1d74b8) [0277.035] free (_Block=0x31e1d18) [0277.035] free (_Block=0x1d7470) [0277.035] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0277.036] free (_Block=0x31d78e8) [0277.036] free (_Block=0x1d1338) [0277.036] CloseHandle (hObject=0x2b4) returned 1 [0277.036] CloseHandle (hObject=0x404) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.036] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.036] SetLastError (dwErrCode=0x0) [0277.036] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x79 [0277.037] GetLastError () returned 0x0 [0277.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.037] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history")) returned 0x2016 [0277.037] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\container.dat")) returned 1 [0277.038] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x34, wMilliseconds=0x3e4)) [0277.038] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.038] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.038] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.038] CloseHandle (hObject=0x404) returned 1 [0277.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0277.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0277.038] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[\"J*8^>oeYb#goNq?|`}EJUg$rU@(C,r!J5/RCD`@C6]", lpUsedDefaultChar=0x0) returned 69 [0277.045] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.046] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII=") returned 172 [0277.046] GetCurrentThreadId () returned 0x1130 [0277.046] GetCurrentThreadId () returned 0x1130 [0277.046] GetCurrentThreadId () returned 0x1130 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.046] SetLastError (dwErrCode=0x0) [0277.046] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320") returned 0xb7 [0277.046] GetLastError () returned 0x0 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.046] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history")) returned 0x2016 [0277.047] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].wannacash ncov v310320")) returned 0x2020 [0277.047] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [928].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.047] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.047] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.047] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0277.047] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.047] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.047] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.047] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.047] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.047] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.047] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.047] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3") returned 197 [0277.048] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.048] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3") returned 197 [0277.048] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0277.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.048] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Dz48sBlWbnuPGtVsIskrwgfy7CNBy/K7gIAM8i7IHOCvwBfs9DO5sNhsR3WgmzqeieocG7SDV1yn49UhQpJLzwR6gam5S/537MMFLI8wvlM1Bfg4LlOXz8BzXGlpRl+qBDt9AlC2fTpq8v/O/5IXnDg4xqGpbkw89FKES8FYEII= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.048] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.048] CloseHandle (hObject=0x404) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.048] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.048] SetLastError (dwErrCode=0x0) [0277.048] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x79 [0277.049] GetLastError () returned 0x0 [0277.049] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.049] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.049] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0277.049] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0277.049] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history")) returned 0x2016 [0277.049] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\container.dat")) returned 0 [0277.049] GetLastError () returned 0x2 [0277.049] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\history\\container.dat")) returned 0xffffffff [0277.049] SetLastError (dwErrCode=0x2) [0277.049] GetLastError () returned 0x2 [0277.049] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.049] LocalFree (hMem=0x92fe20) returned 0x0 [0277.049] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.050] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.050] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\container.dat")) returned 0x2026 [0277.050] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37195618973) returned 1 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0277.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0277.050] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&\"I`\"myM3\"96}Woe7-/QKRvh?Wâ\x84\x96Q<*!;GTxg45:", lpUsedDefaultChar=0x0) returned 41 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] GetCurrentThreadId () returned 0x1130 [0277.050] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.051] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.064] GetCurrentThreadId () returned 0x1130 [0277.065] malloc (_Size=0x64) returned 0x1d1338 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] GetCurrentThreadId () returned 0x1130 [0277.065] free (_Block=0x1d1338) [0277.065] malloc (_Size=0x60) returned 0x1d1338 [0277.065] free (_Block=0x1d1338) [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.065] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0277.066] malloc (_Size=0x8c) returned 0x1d1338 [0277.066] malloc (_Size=0xfc) returned 0x31d7f18 [0277.066] malloc (_Size=0x40) returned 0x1d14e8 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.066] malloc (_Size=0x40) returned 0x1d7470 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] GetCurrentThreadId () returned 0x1130 [0277.066] malloc (_Size=0xc) returned 0x31e1d18 [0277.067] malloc (_Size=0x40) returned 0x1d74b8 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] free (_Block=0x1d9aa8) [0277.067] free (_Block=0x1d14e8) [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.067] GetCurrentThreadId () returned 0x1130 [0277.068] GetCurrentThreadId () returned 0x1130 [0277.068] GetCurrentThreadId () returned 0x1130 [0277.068] GetCurrentThreadId () returned 0x1130 [0277.068] GetCurrentThreadId () returned 0x1130 [0277.068] GetCurrentThreadId () returned 0x1130 [0277.068] free (_Block=0x1d74b8) [0277.068] free (_Block=0x31e1d18) [0277.068] free (_Block=0x1d7470) [0277.068] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0277.069] free (_Block=0x31d7f18) [0277.069] free (_Block=0x1d1338) [0277.069] CloseHandle (hObject=0x2b4) returned 1 [0277.069] CloseHandle (hObject=0x404) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.069] SetLastError (dwErrCode=0x0) [0277.069] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x7f [0277.069] GetLastError () returned 0x0 [0277.069] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.070] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache")) returned 0x2016 [0277.070] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\container.dat")) returned 1 [0277.070] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x1b)) [0277.070] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.070] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.071] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.071] CloseHandle (hObject=0x404) returned 1 [0277.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0277.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0277.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[&\"I`\"myM3\"96}Woe7-/QKRvh?W№Q<*!;GTxg45:]", cchWideChar=66, lpMultiByteStr=0x2541be8, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[&\"I`\"myM3\"96}Woe7-/QKRvh?W?Q<*!;GTxg45:]", lpUsedDefaultChar=0x0) returned 66 [0277.100] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.100] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU=") returned 172 [0277.100] GetCurrentThreadId () returned 0x1130 [0277.100] GetCurrentThreadId () returned 0x1130 [0277.100] GetCurrentThreadId () returned 0x1130 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.100] SetLastError (dwErrCode=0x0) [0277.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320") returned 0xbd [0277.100] GetLastError () returned 0x0 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.100] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.100] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache")) returned 0x2016 [0277.100] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].wannacash ncov v310320")) returned 0x2020 [0277.101] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [929].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0277.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.101] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.101] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.101] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3") returned 197 [0277.101] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.101] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3") returned 197 [0277.101] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.101] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BW/9/kwa76fOswDCPFk3/tnzDgm8SsgzDgwdrQFjN2wuoYTjNQFYnNwFa//OQOr9muxqIh+8Jfjbc0IAJNB4GpTHSYGM62LJPLiJOcXwr1yWEaCk2X2jEd4H7vRANLqtoM3JsatpezTfSlyuQPoUJT+YnXF1s/R8AD1+Za8xWjU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.102] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.102] CloseHandle (hObject=0x404) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.102] SetLastError (dwErrCode=0x0) [0277.102] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x7f [0277.102] GetLastError () returned 0x0 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=8) returned 1 [0277.102] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat", cchCount2=4) returned 1 [0277.102] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache")) returned 0x2016 [0277.102] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\container.dat")) returned 0 [0277.102] GetLastError () returned 0x2 [0277.102] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatcache\\container.dat")) returned 0xffffffff [0277.103] SetLastError (dwErrCode=0x2) [0277.103] GetLastError () returned 0x2 [0277.103] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.103] LocalFree (hMem=0x92fe20) returned 0x0 [0277.103] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.103] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.103] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\container.dat")) returned 0x2026 [0277.104] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37200979233) returned 1 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0277.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0277.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/", lpUsedDefaultChar=0x0) returned 32 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] GetCurrentThreadId () returned 0x1130 [0277.104] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.104] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] GetCurrentThreadId () returned 0x1130 [0277.107] malloc (_Size=0x64) returned 0x1d1338 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] free (_Block=0x1d1338) [0277.108] malloc (_Size=0x60) returned 0x1d1338 [0277.108] free (_Block=0x1d1338) [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.108] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0277.108] malloc (_Size=0x8c) returned 0x1d1338 [0277.108] malloc (_Size=0xfc) returned 0x31d7af8 [0277.108] malloc (_Size=0x40) returned 0x1d14e8 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.108] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.109] malloc (_Size=0x40) returned 0x1d7470 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] GetCurrentThreadId () returned 0x1130 [0277.109] malloc (_Size=0xc) returned 0x31e1ef8 [0277.109] malloc (_Size=0x40) returned 0x1d74b8 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] free (_Block=0x1d9aa8) [0277.110] free (_Block=0x1d14e8) [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.110] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] GetCurrentThreadId () returned 0x1130 [0277.111] free (_Block=0x1d74b8) [0277.111] free (_Block=0x31e1ef8) [0277.111] free (_Block=0x1d7470) [0277.111] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0277.112] free (_Block=0x31d7af8) [0277.112] free (_Block=0x1d1338) [0277.112] CloseHandle (hObject=0x2b4) returned 1 [0277.112] CloseHandle (hObject=0x404) returned 1 [0277.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.113] SetLastError (dwErrCode=0x0) [0277.113] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x81 [0277.113] GetLastError () returned 0x0 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.113] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache")) returned 0x2016 [0277.113] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\container.dat")) returned 1 [0277.114] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x4a)) [0277.114] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.114] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.114] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.114] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.114] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.114] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.114] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.114] CloseHandle (hObject=0x404) returned 1 [0277.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0277.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0277.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/]", cchWideChar=59, lpMultiByteStr=0x2516b60, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[88RfclnoRa{HO}7W@}g;LP}8\\a7n;ab/]", lpUsedDefaultChar=0x0) returned 59 [0277.121] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.121] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8=") returned 172 [0277.121] GetCurrentThreadId () returned 0x1130 [0277.121] GetCurrentThreadId () returned 0x1130 [0277.121] GetCurrentThreadId () returned 0x1130 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.121] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.121] SetLastError (dwErrCode=0x0) [0277.121] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320") returned 0xbf [0277.122] GetLastError () returned 0x0 [0277.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.122] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.122] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache")) returned 0x2016 [0277.122] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].wannacash ncov v310320")) returned 0x2020 [0277.122] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [930].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.122] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.122] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.122] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0277.122] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.123] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3") returned 197 [0277.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.123] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3") returned 197 [0277.123] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.123] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YSSQ6uGgaJSrM7LoLSfz3hUakQo4vAfA/BalT6UzO6sECASptqAxmTRlEsj/B2TrXHnUmjwhZjvIl+8/KadYZD9CmyHtwRRKVsGwCaZ9apj3xv27WyMfnijCItXvxXuSs+dCnH5dQ6WNl7/qz3/dKSCSdWkeZFzO33Gs7lRFsB8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.123] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.124] CloseHandle (hObject=0x404) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.124] SetLastError (dwErrCode=0x0) [0277.124] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x81 [0277.124] GetLastError () returned 0x0 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0277.124] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0277.124] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache")) returned 0x2016 [0277.124] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\container.dat")) returned 0 [0277.125] GetLastError () returned 0x2 [0277.125] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\iecompatuacache\\container.dat")) returned 0xffffffff [0277.125] SetLastError (dwErrCode=0x2) [0277.125] GetLastError () returned 0x2 [0277.125] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.125] LocalFree (hMem=0x92fe20) returned 0x0 [0277.125] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.125] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.125] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0x2026 [0277.126] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37203175493) returned 1 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0277.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0277.126] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="^l:YROObJd9OoA+nGâ\x84\x96BVRllK4,V7Y?nk", lpUsedDefaultChar=0x0) returned 34 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] GetCurrentThreadId () returned 0x1130 [0277.126] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.126] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] malloc (_Size=0x64) returned 0x1d1338 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.129] GetCurrentThreadId () returned 0x1130 [0277.130] GetCurrentThreadId () returned 0x1130 [0277.130] GetCurrentThreadId () returned 0x1130 [0277.130] GetCurrentThreadId () returned 0x1130 [0277.130] free (_Block=0x1d1338) [0277.130] malloc (_Size=0x60) returned 0x1d1338 [0277.130] free (_Block=0x1d1338) [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.130] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0277.130] malloc (_Size=0x8c) returned 0x1d1338 [0277.131] malloc (_Size=0xfc) returned 0x31d7f18 [0277.131] malloc (_Size=0x40) returned 0x1d14e8 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.131] malloc (_Size=0x40) returned 0x1d7470 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.131] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] malloc (_Size=0xc) returned 0x31e1e50 [0277.132] malloc (_Size=0x40) returned 0x1d74b8 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] GetCurrentThreadId () returned 0x1130 [0277.132] free (_Block=0x1d9aa8) [0277.132] free (_Block=0x1d14e8) [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] GetCurrentThreadId () returned 0x1130 [0277.133] free (_Block=0x1d74b8) [0277.133] free (_Block=0x31e1e50) [0277.133] free (_Block=0x1d7470) [0277.133] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0277.179] free (_Block=0x31d7f18) [0277.179] free (_Block=0x1d1338) [0277.179] CloseHandle (hObject=0x2b4) returned 1 [0277.179] CloseHandle (hObject=0x404) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.179] SetLastError (dwErrCode=0x0) [0277.179] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x82 [0277.179] GetLastError () returned 0x0 [0277.179] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.180] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.180] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0277.180] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 1 [0277.181] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x88)) [0277.181] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.181] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.181] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.181] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.181] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.181] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.182] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.182] CloseHandle (hObject=0x404) returned 1 [0277.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0277.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0277.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[^l:YROObJd9OoA+nG№BVRllK4,V7Y?nk]", cchWideChar=59, lpMultiByteStr=0x2516b18, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[^l:YROObJd9OoA+nG?BVRllK4,V7Y?nk]", lpUsedDefaultChar=0x0) returned 59 [0277.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.190] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0=") returned 172 [0277.190] GetCurrentThreadId () returned 0x1130 [0277.190] GetCurrentThreadId () returned 0x1130 [0277.190] GetCurrentThreadId () returned 0x1130 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.190] SetLastError (dwErrCode=0x0) [0277.190] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320") returned 0xc0 [0277.190] GetLastError () returned 0x0 [0277.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.191] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0277.191] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].wannacash ncov v310320")) returned 0x2020 [0277.191] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [931].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.191] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.191] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.191] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0277.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.192] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.192] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.192] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3") returned 197 [0277.192] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.192] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3") returned 197 [0277.192] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.192] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:gVCz5fkn1yEdvFjcobBRdpjkAc/HePhy07pLEUzEYR9X9k6WdUC550nXWvhl4xm4H6+SkDXpXwcxG5Q5co12S3mS37KEeCcQK7yqytpqmIglQ2+j3wE7eedM9soSsztCNIlY7fYsY4bNTlCYCOzz8cJu8I5cnblgPzKm4jOXni0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.192] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.193] CloseHandle (hObject=0x404) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.193] SetLastError (dwErrCode=0x0) [0277.193] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x82 [0277.193] GetLastError () returned 0x0 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0277.193] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0277.193] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0277.193] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0 [0277.194] GetLastError () returned 0x2 [0277.194] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0xffffffff [0277.194] SetLastError (dwErrCode=0x2) [0277.194] GetLastError () returned 0x2 [0277.194] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.194] LocalFree (hMem=0x92fe20) returned 0x0 [0277.194] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.194] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.194] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\msimgsiz.dat")) returned 0x2020 [0277.197] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37210346989) returned 1 [0277.197] GetCurrentThreadId () returned 0x1130 [0277.197] GetCurrentThreadId () returned 0x1130 [0277.197] GetCurrentThreadId () returned 0x1130 [0277.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0277.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0277.198] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K", cchWideChar=35, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".5|V{m|`_,wfhjaHhuL(â\x84\x96WC|y+LD1/Ou>^K", lpUsedDefaultChar=0x0) returned 37 [0277.198] GetCurrentThreadId () returned 0x1130 [0277.198] GetCurrentThreadId () returned 0x1130 [0277.198] GetCurrentThreadId () returned 0x1130 [0277.198] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\msimgsiz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.198] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] malloc (_Size=0x64) returned 0x1d1338 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.199] GetCurrentThreadId () returned 0x1130 [0277.200] GetCurrentThreadId () returned 0x1130 [0277.200] free (_Block=0x1d1338) [0277.200] malloc (_Size=0x60) returned 0x1d1338 [0277.200] free (_Block=0x1d1338) [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xbfe0 [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xbfe0 [0277.200] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.200] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xbfe0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xbfe0, lpOverlapped=0x0) returned 1 [0277.205] malloc (_Size=0x8c) returned 0x1d1338 [0277.205] malloc (_Size=0xfc) returned 0x31d77e0 [0277.205] malloc (_Size=0x40) returned 0x1d14e8 [0277.205] GetCurrentThreadId () returned 0x1130 [0277.205] GetCurrentThreadId () returned 0x1130 [0277.205] GetCurrentThreadId () returned 0x1130 [0277.205] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.206] malloc (_Size=0x40) returned 0x1d7470 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] GetCurrentThreadId () returned 0x1130 [0277.206] malloc (_Size=0xc) returned 0x31e1dc0 [0277.207] malloc (_Size=0x720) returned 0x31d2860 [0277.207] malloc (_Size=0xe3c) returned 0x1da510 [0277.207] free (_Block=0x31d2860) [0277.207] malloc (_Size=0x15ac) returned 0x1db358 [0277.207] free (_Block=0x1da510) [0277.207] malloc (_Size=0x23e4) returned 0x1dc910 [0277.207] free (_Block=0x1db358) [0277.207] malloc (_Size=0x3274) returned 0x31e40b0 [0277.208] free (_Block=0x1dc910) [0277.208] malloc (_Size=0x4820) returned 0x1da510 [0277.208] free (_Block=0x31e40b0) [0277.208] malloc (_Size=0x64e4) returned 0x31e40b0 [0277.208] free (_Block=0x1da510) [0277.209] malloc (_Size=0x8920) returned 0x31ea5a0 [0277.209] free (_Block=0x31e40b0) [0277.209] malloc (_Size=0xbb90) returned 0x31f2ec8 [0277.210] free (_Block=0x31ea5a0) [0277.211] malloc (_Size=0xfc90) returned 0x31fea60 [0277.212] free (_Block=0x31f2ec8) [0277.246] malloc (_Size=0x1533c) returned 0x31e40b0 [0277.246] free (_Block=0x31fea60) [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] GetCurrentThreadId () returned 0x1130 [0277.247] free (_Block=0x1d9aa8) [0277.248] free (_Block=0x1d14e8) [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] GetCurrentThreadId () returned 0x1130 [0277.248] free (_Block=0x31e40b0) [0277.249] free (_Block=0x31e1dc0) [0277.249] free (_Block=0x1d7470) [0277.249] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ce808*, nNumberOfBytesToWrite=0x10400, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ce808*, lpNumberOfBytesWritten=0x19fbbc*=0x10400, lpOverlapped=0x0) returned 1 [0277.251] free (_Block=0x31d77e0) [0277.251] free (_Block=0x1d1338) [0277.251] CloseHandle (hObject=0x2b4) returned 1 [0277.251] CloseHandle (hObject=0x404) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.252] SetLastError (dwErrCode=0x0) [0277.252] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", lpFilePart=0x19f9f8*="MSIMGSIZ.DAT") returned 0x70 [0277.252] GetLastError () returned 0x0 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.252] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.252] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge")) returned 0x2010 [0277.252] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\msimgsiz.dat")) returned 1 [0277.254] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0xd6)) [0277.254] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.254] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.254] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.255] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.255] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.255] CloseHandle (hObject=0x404) returned 1 [0277.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MSIMGSIZ.DAT]omgp:[.5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0277.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MSIMGSIZ.DAT]omgp:[.5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0277.255] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[MSIMGSIZ.DAT]omgp:[.5|V{m|`_,wfhjaHhuL(№WC|y+LD1/Ou>^K]", cchWideChar=61, lpMultiByteStr=0x2541be8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[MSIMGSIZ.DAT]omgp:[.5|V{m|`_,wfhjaHhuL(?WC|y+LD1/Ou>^K]", lpUsedDefaultChar=0x0) returned 61 [0277.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.263] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k=") returned 172 [0277.263] GetCurrentThreadId () returned 0x1130 [0277.263] GetCurrentThreadId () returned 0x1130 [0277.263] GetCurrentThreadId () returned 0x1130 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.263] SetLastError (dwErrCode=0x0) [0277.263] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320") returned 0xaf [0277.263] GetLastError () returned 0x0 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.263] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.263] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge")) returned 0x2010 [0277.264] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].wannacash ncov v310320")) returned 0x2020 [0277.264] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\Файл зашифрован. Пиши. Почта clubnika@elude.in [932].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x10400 [0277.264] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.264] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.264] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.264] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.264] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.265] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3") returned 197 [0277.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.265] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3") returned 197 [0277.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x10400 [0277.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.265] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FACmOjIscDs6Ipx6ITKkGoNQwlQv0L+zHHw6n1D6GWCggud0pBWGChRi366jeDgZMZedryd2NarPnYSTVQtwdQsdyQawOjsBnKFQgz98mx+1ePtMYz/mMqJG7atUDdUx7Va0YxSFuVxOvQEKXjJjnZUWoY3MibMM+nm7iUi5z2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.265] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.265] CloseHandle (hObject=0x404) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.266] SetLastError (dwErrCode=0x0) [0277.266] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", lpFilePart=0x19fa34*="MSIMGSIZ.DAT") returned 0x70 [0277.266] GetLastError () returned 0x0 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=8) returned 1 [0277.266] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT", cchCount2=4) returned 1 [0277.266] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge")) returned 0x2010 [0277.266] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\msimgsiz.dat")) returned 0 [0277.266] GetLastError () returned 0x2 [0277.266] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\MSIMGSIZ.DAT" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\msimgsiz.dat")) returned 0xffffffff [0277.267] SetLastError (dwErrCode=0x2) [0277.267] GetLastError () returned 0x2 [0277.267] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.267] LocalFree (hMem=0x92fe20) returned 0x0 [0277.267] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.268] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.269] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\container.dat")) returned 0x2026 [0277.269] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37217497532) returned 1 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0277.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0277.269] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f", lpUsedDefaultChar=0x0) returned 30 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] GetCurrentThreadId () returned 0x1130 [0277.269] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.269] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] GetCurrentThreadId () returned 0x1130 [0277.271] malloc (_Size=0x64) returned 0x1d1338 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] GetCurrentThreadId () returned 0x1130 [0277.272] free (_Block=0x1d1338) [0277.272] malloc (_Size=0x60) returned 0x1d1338 [0277.272] free (_Block=0x1d1338) [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.272] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.273] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0277.273] malloc (_Size=0x8c) returned 0x1d1338 [0277.273] malloc (_Size=0xfc) returned 0x31d78e8 [0277.273] malloc (_Size=0x40) returned 0x1d14e8 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.273] malloc (_Size=0x40) returned 0x1d7470 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.273] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] malloc (_Size=0xc) returned 0x31e1dc0 [0277.274] malloc (_Size=0x40) returned 0x1d74b8 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.274] GetCurrentThreadId () returned 0x1130 [0277.275] GetCurrentThreadId () returned 0x1130 [0277.275] GetCurrentThreadId () returned 0x1130 [0277.275] GetCurrentThreadId () returned 0x1130 [0277.275] GetCurrentThreadId () returned 0x1130 [0277.275] free (_Block=0x1d9aa8) [0277.276] free (_Block=0x1d14e8) [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.276] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] GetCurrentThreadId () returned 0x1130 [0277.277] free (_Block=0x1d74b8) [0277.277] free (_Block=0x31e1dc0) [0277.277] free (_Block=0x1d7470) [0277.277] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0277.278] free (_Block=0x31d78e8) [0277.278] free (_Block=0x1d1338) [0277.278] CloseHandle (hObject=0x2b4) returned 1 [0277.278] CloseHandle (hObject=0x404) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.279] SetLastError (dwErrCode=0x0) [0277.279] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x87 [0277.279] GetLastError () returned 0x0 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.279] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.279] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache")) returned 0x2016 [0277.279] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\container.dat")) returned 1 [0277.280] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0xf6)) [0277.280] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.280] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.281] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.281] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.281] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.281] CloseHandle (hObject=0x404) returned 1 [0277.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0277.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0277.281] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f]", cchWideChar=57, lpMultiByteStr=0x2516b60, cbMultiByte=57, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[=o,6&J6Pc*<\\b`W:NyO=@3&\\-V6m$f]/]", lpUsedDefaultChar=0x0) returned 57 [0277.289] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.289] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio=") returned 172 [0277.289] GetCurrentThreadId () returned 0x1130 [0277.289] GetCurrentThreadId () returned 0x1130 [0277.289] GetCurrentThreadId () returned 0x1130 [0277.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.290] SetLastError (dwErrCode=0x0) [0277.290] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320") returned 0xc5 [0277.290] GetLastError () returned 0x0 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.290] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.290] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache")) returned 0x2016 [0277.290] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].wannacash ncov v310320")) returned 0x2020 [0277.290] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [933].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0277.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.319] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3") returned 197 [0277.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.319] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3") returned 197 [0277.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.319] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XCzkUWiQy9Vf6bi3v1t+bYWzr2r3kpISaV8jCtGSUOf6zgjYVPPbadaHmxjE4XrDk3TapQB03HezaB2Ma1gPyrnh0Ds1vO/yF3nwowNyLwI/e4vOQg9Kq9tOBRQMleMDJvChlCztXCM2rG5USda3Iv5dW3uQffW/2CEEHOBcyio= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.320] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.320] CloseHandle (hObject=0x404) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.320] SetLastError (dwErrCode=0x0) [0277.320] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x87 [0277.320] GetLastError () returned 0x0 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=8) returned 1 [0277.320] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat", cchCount2=4) returned 1 [0277.321] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache")) returned 0x2016 [0277.321] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\container.dat")) returned 0 [0277.321] GetLastError () returned 0x2 [0277.321] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\container.dat")) returned 0xffffffff [0277.321] SetLastError (dwErrCode=0x2) [0277.321] GetLastError () returned 0x2 [0277.321] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.321] LocalFree (hMem=0x92fe20) returned 0x0 [0277.321] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.321] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.322] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\0c3677ec[1].css")) returned 0x2020 [0277.323] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37222908768) returned 1 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v/Uo\\G58?PQm*LwR.PQOrRHPK", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0277.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v/Uo\\G58?PQm*LwR.PQOrRHPK", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0277.323] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="v/Uo\\G58?PQm*LwR.PQOrRHPK", cchWideChar=25, lpMultiByteStr=0x2508f38, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="v/Uo\\G58?PQm*LwR.PQOrRHPK", lpUsedDefaultChar=0x0) returned 25 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] GetCurrentThreadId () returned 0x1130 [0277.323] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\0c3677ec[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.324] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.324] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] malloc (_Size=0x64) returned 0x1d1338 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] GetCurrentThreadId () returned 0x1130 [0277.325] free (_Block=0x1d1338) [0277.325] malloc (_Size=0x60) returned 0x1d1338 [0277.325] free (_Block=0x1d1338) [0277.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x598 [0277.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x598 [0277.326] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.326] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x598, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x598, lpOverlapped=0x0) returned 1 [0277.328] malloc (_Size=0x8c) returned 0x1d1338 [0277.328] malloc (_Size=0xfc) returned 0x31d72b8 [0277.328] malloc (_Size=0x40) returned 0x1d14e8 [0277.328] GetCurrentThreadId () returned 0x1130 [0277.328] GetCurrentThreadId () returned 0x1130 [0277.328] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.329] malloc (_Size=0x40) returned 0x1d7470 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.329] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] malloc (_Size=0xc) returned 0x31e1ca0 [0277.330] malloc (_Size=0x720) returned 0x31d2860 [0277.330] malloc (_Size=0xa2c) returned 0x1da510 [0277.330] free (_Block=0x31d2860) [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] GetCurrentThreadId () returned 0x1130 [0277.330] free (_Block=0x1d9aa8) [0277.330] free (_Block=0x1d14e8) [0277.330] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] GetCurrentThreadId () returned 0x1130 [0277.331] free (_Block=0x1da510) [0277.331] free (_Block=0x31e1ca0) [0277.331] free (_Block=0x1d7470) [0277.331] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c64f8*, nNumberOfBytesToWrite=0x7b7, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c64f8*, lpNumberOfBytesWritten=0x19fbbc*=0x7b7, lpOverlapped=0x0) returned 1 [0277.332] free (_Block=0x31d72b8) [0277.332] free (_Block=0x1d1338) [0277.332] CloseHandle (hObject=0x2b4) returned 1 [0277.332] CloseHandle (hObject=0x404) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.333] SetLastError (dwErrCode=0x0) [0277.333] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", lpFilePart=0x19f9f8*="0c3677ec[1].css") returned 0x94 [0277.333] GetLastError () returned 0x0 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.333] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.333] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.333] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\0c3677ec[1].css")) returned 1 [0277.334] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x125)) [0277.335] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.335] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.335] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.335] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.335] CloseHandle (hObject=0x404) returned 1 [0277.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0c3677ec[1].css]omgp:[v/Uo\\G58?PQm*LwR.PQOrRHPK]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0277.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0c3677ec[1].css]omgp:[v/Uo\\G58?PQm*LwR.PQOrRHPK]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0277.335] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0c3677ec[1].css]omgp:[v/Uo\\G58?PQm*LwR.PQOrRHPK]", cchWideChar=54, lpMultiByteStr=0x2516b18, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0c3677ec[1].css]omgp:[v/Uo\\G58?PQm*LwR.PQOrRHPK]", lpUsedDefaultChar=0x0) returned 54 [0277.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.342] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE=") returned 172 [0277.342] GetCurrentThreadId () returned 0x1130 [0277.342] GetCurrentThreadId () returned 0x1130 [0277.342] GetCurrentThreadId () returned 0x1130 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.342] SetLastError (dwErrCode=0x0) [0277.342] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320") returned 0xd0 [0277.342] GetLastError () returned 0x0 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.342] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.342] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.343] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].wannacash ncov v310320")) returned 0x2020 [0277.343] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [934].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x7b7 [0277.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.343] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3") returned 197 [0277.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.344] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3") returned 197 [0277.344] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x7b7 [0277.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.344] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rMWXWnt6wHBCVsA/EP0MXZONLUrWXzPqdeC3C+47FNk3YF0p07ZYwn8d46RygUIaEpfOSpxKFu+bwsiQx3LGmDd3IE1rN65H4uu08dsSiTMtxdNQhAvHOnVR6NNzOoqLZrwquwWAuXVh/48kaTcCQpofGGz8XJd/YhHRIWMpViE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.344] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.344] CloseHandle (hObject=0x404) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.344] SetLastError (dwErrCode=0x0) [0277.344] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", lpFilePart=0x19fa34*="0c3677ec[1].css") returned 0x94 [0277.344] GetLastError () returned 0x0 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=8) returned 1 [0277.345] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css", cchCount2=4) returned 1 [0277.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.345] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\0c3677ec[1].css")) returned 0 [0277.345] GetLastError () returned 0x2 [0277.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\0c3677ec[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\0c3677ec[1].css")) returned 0xffffffff [0277.345] SetLastError (dwErrCode=0x2) [0277.345] GetLastError () returned 0x2 [0277.345] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.345] LocalFree (hMem=0x92fe20) returned 0x0 [0277.345] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.345] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\1e1979ca[1].js")) returned 0x2020 [0277.346] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37225261547) returned 1 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0277.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0277.347] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|", cchWideChar=43, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|", lpUsedDefaultChar=0x0) returned 43 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] GetCurrentThreadId () returned 0x1130 [0277.347] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\1e1979ca[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.347] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] malloc (_Size=0x64) returned 0x1d1338 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.348] GetCurrentThreadId () returned 0x1130 [0277.349] GetCurrentThreadId () returned 0x1130 [0277.349] GetCurrentThreadId () returned 0x1130 [0277.349] GetCurrentThreadId () returned 0x1130 [0277.349] free (_Block=0x1d1338) [0277.349] malloc (_Size=0x60) returned 0x1d1338 [0277.349] free (_Block=0x1d1338) [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e63 [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e63 [0277.349] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.349] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3e63, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3e63, lpOverlapped=0x0) returned 1 [0277.351] malloc (_Size=0x8c) returned 0x1d1338 [0277.351] malloc (_Size=0xfc) returned 0x31d7d08 [0277.351] malloc (_Size=0x40) returned 0x1d14e8 [0277.351] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.352] malloc (_Size=0x40) returned 0x1d7470 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] GetCurrentThreadId () returned 0x1130 [0277.352] malloc (_Size=0xc) returned 0x31e1ec8 [0277.352] malloc (_Size=0x720) returned 0x31d2860 [0277.352] malloc (_Size=0xe3c) returned 0x1da510 [0277.353] free (_Block=0x31d2860) [0277.353] malloc (_Size=0x15ac) returned 0x1db358 [0277.353] free (_Block=0x1da510) [0277.353] malloc (_Size=0x23e4) returned 0x1dc910 [0277.353] free (_Block=0x1db358) [0277.353] malloc (_Size=0x3274) returned 0x31e40b0 [0277.420] free (_Block=0x1dc910) [0277.420] malloc (_Size=0x4820) returned 0x1da510 [0277.421] free (_Block=0x31e40b0) [0277.421] malloc (_Size=0x64e4) returned 0x31e40b0 [0277.421] free (_Block=0x1da510) [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] GetCurrentThreadId () returned 0x1130 [0277.421] free (_Block=0x1d9aa8) [0277.422] free (_Block=0x1d14e8) [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] GetCurrentThreadId () returned 0x1130 [0277.422] free (_Block=0x31e40b0) [0277.423] free (_Block=0x31e1ec8) [0277.423] free (_Block=0x1d7470) [0277.423] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be608*, nNumberOfBytesToWrite=0x54a6, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be608*, lpNumberOfBytesWritten=0x19fbbc*=0x54a6, lpOverlapped=0x0) returned 1 [0277.424] free (_Block=0x31d7d08) [0277.425] free (_Block=0x1d1338) [0277.425] CloseHandle (hObject=0x2b4) returned 1 [0277.425] CloseHandle (hObject=0x404) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.425] SetLastError (dwErrCode=0x0) [0277.425] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", lpFilePart=0x19f9f8*="1e1979ca[1].js") returned 0x93 [0277.425] GetLastError () returned 0x0 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.425] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.425] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.425] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\1e1979ca[1].js")) returned 1 [0277.427] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x182)) [0277.427] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.427] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.427] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.427] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.427] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.427] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.427] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.427] CloseHandle (hObject=0x404) returned 1 [0277.427] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e1979ca[1].js]omgp:[dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0277.428] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e1979ca[1].js]omgp:[dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0277.428] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[1e1979ca[1].js]omgp:[dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|]", cchWideChar=71, lpMultiByteStr=0x252c708, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[1e1979ca[1].js]omgp:[dS6nl3l|:QyFyy{)39CycIVDlt-}M&e21yt5,/1Hlz|]", lpUsedDefaultChar=0x0) returned 71 [0277.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.434] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA=") returned 172 [0277.434] GetCurrentThreadId () returned 0x1130 [0277.434] GetCurrentThreadId () returned 0x1130 [0277.434] GetCurrentThreadId () returned 0x1130 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.434] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.434] SetLastError (dwErrCode=0x0) [0277.435] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320") returned 0xd0 [0277.435] GetLastError () returned 0x0 [0277.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.435] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.435] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.435] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].wannacash ncov v310320")) returned 0x2020 [0277.435] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [935].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.435] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.435] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.436] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x54a6 [0277.436] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.436] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.436] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.436] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3") returned 197 [0277.436] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.436] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3") returned 197 [0277.436] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x54a6 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.436] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:rAl6f7kXRb0fG31FDzpjyZM0B/vtMCq2/k7BYbwIeXRRiCdKYa2yz9DPA/rf2M0m3lQdTie5ZSEs9bdK5xKBETVKKpC9D+p0jKqRPi+iNVnGBH2/Hyjap6p/nNVhxslVtwng2NJHLxnjzCH3QAOi0gT0Yen4V/xdYhROBlXZ8gA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.436] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.437] CloseHandle (hObject=0x404) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.437] SetLastError (dwErrCode=0x0) [0277.437] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", lpFilePart=0x19fa34*="1e1979ca[1].js") returned 0x93 [0277.437] GetLastError () returned 0x0 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=8) returned 1 [0277.437] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js", cchCount2=4) returned 1 [0277.437] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.438] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\1e1979ca[1].js")) returned 0 [0277.438] GetLastError () returned 0x2 [0277.438] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\1e1979ca[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\1e1979ca[1].js")) returned 0xffffffff [0277.438] SetLastError (dwErrCode=0x2) [0277.438] GetLastError () returned 0x2 [0277.438] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.438] LocalFree (hMem=0x92fe20) returned 0x0 [0277.438] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.438] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.439] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\29903e7f[1].css")) returned 0x2020 [0277.474] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37237993561) returned 1 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0277.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0277.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(CbA/K#V!ndâ\x84\x96n,xZ^AN=C|w?pX,##kp54K^\\6GR", lpUsedDefaultChar=0x0) returned 41 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] GetCurrentThreadId () returned 0x1130 [0277.474] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\29903e7f[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.474] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] malloc (_Size=0x64) returned 0x1d1338 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.477] GetCurrentThreadId () returned 0x1130 [0277.478] free (_Block=0x1d1338) [0277.478] malloc (_Size=0x60) returned 0x1d1338 [0277.478] free (_Block=0x1d1338) [0277.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1bc0 [0277.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.478] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.479] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1bc0 [0277.479] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0277.480] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1bc0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1bc0, lpOverlapped=0x0) returned 1 [0277.482] malloc (_Size=0x8c) returned 0x1d1338 [0277.482] malloc (_Size=0xfc) returned 0x31d71b0 [0277.482] malloc (_Size=0x40) returned 0x1d14e8 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.482] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] malloc (_Size=0xa5c) returned 0x1d9aa8 [0277.483] malloc (_Size=0x40) returned 0x1d7470 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.483] GetCurrentThreadId () returned 0x1130 [0277.484] GetCurrentThreadId () returned 0x1130 [0277.484] GetCurrentThreadId () returned 0x1130 [0277.484] GetCurrentThreadId () returned 0x1130 [0277.484] GetCurrentThreadId () returned 0x1130 [0277.484] GetCurrentThreadId () returned 0x1130 [0277.484] malloc (_Size=0xc) returned 0x31e1dc0 [0277.484] malloc (_Size=0x720) returned 0x31d2860 [0277.484] malloc (_Size=0xe3c) returned 0x1da510 [0277.484] free (_Block=0x31d2860) [0277.484] malloc (_Size=0x15ac) returned 0x1db358 [0277.485] free (_Block=0x1da510) [0277.485] malloc (_Size=0x23e4) returned 0x1dc910 [0277.485] free (_Block=0x1db358) [0277.485] malloc (_Size=0x321c) returned 0x31e40b0 [0277.486] free (_Block=0x1dc910) [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.486] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] free (_Block=0x1d9aa8) [0277.487] free (_Block=0x1d14e8) [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.487] GetCurrentThreadId () returned 0x1130 [0277.488] free (_Block=0x31e40b0) [0277.489] free (_Block=0x31e1dc0) [0277.489] free (_Block=0x1d7470) [0277.489] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba008*, nNumberOfBytesToWrite=0x25c1, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba008*, lpNumberOfBytesWritten=0x19fbbc*=0x25c1, lpOverlapped=0x0) returned 1 [0277.490] free (_Block=0x31d71b0) [0277.490] free (_Block=0x1d1338) [0277.490] CloseHandle (hObject=0x2b4) returned 1 [0277.490] CloseHandle (hObject=0x404) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.491] SetLastError (dwErrCode=0x0) [0277.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", lpFilePart=0x19f9f8*="29903e7f[1].css") returned 0x94 [0277.491] GetLastError () returned 0x0 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.491] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.491] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\29903e7f[1].css")) returned 1 [0277.493] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x35, wMilliseconds=0x1c1)) [0277.493] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0277.493] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0277.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.493] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0277.494] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0277.494] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0277.494] CloseHandle (hObject=0x404) returned 1 [0277.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[29903e7f[1].css]omgp:[(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0277.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[29903e7f[1].css]omgp:[(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0277.494] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[29903e7f[1].css]omgp:[(CbA/K#V!nd№n,xZ^AN=C|w?pX,##kp54K^\\6GR]", cchWideChar=68, lpMultiByteStr=0x2541d78, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[29903e7f[1].css]omgp:[(CbA/K#V!nd?n,xZ^AN=C|w?pX,##kp54K^\\6GR]", lpUsedDefaultChar=0x0) returned 68 [0277.502] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0277.503] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk=") returned 172 [0277.503] GetCurrentThreadId () returned 0x1130 [0277.503] GetCurrentThreadId () returned 0x1130 [0277.503] GetCurrentThreadId () returned 0x1130 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.503] SetLastError (dwErrCode=0x0) [0277.503] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320") returned 0xd0 [0277.503] GetLastError () returned 0x0 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0277.503] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0277.503] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.504] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].wannacash ncov v310320")) returned 0x2020 [0277.504] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\Файл зашифрован. Пиши. Почта clubnika@elude.in [936].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0277.504] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0277.504] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.504] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x25c1 [0277.504] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0277.504] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0277.504] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.504] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.505] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.505] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3") returned 197 [0277.505] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0277.505] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3") returned 197 [0277.505] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x25c1 [0277.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0277.505] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:nVUWvJWMGzc8Y7g67YeN/o6E3eXCeQvkXcXL1ALV3KjoPZR6UI3ZFyk3o+YemI1P0aoDf/sTZ2IZs4W/3ZwHkhipstHrCxTBEfbHxfmxC71nG/J8rJzSCXp2h3XYrUnqmKO4f+5OtHO+DQiUZ/E1Vj9TzshTkuR11h10jvdWARk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0277.505] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0277.505] CloseHandle (hObject=0x404) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.506] SetLastError (dwErrCode=0x0) [0277.506] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", lpFilePart=0x19fa34*="29903e7f[1].css") returned 0x94 [0277.506] GetLastError () returned 0x0 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=8) returned 1 [0277.506] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css", cchCount2=4) returned 1 [0277.506] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1")) returned 0x2016 [0277.506] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\29903e7f[1].css")) returned 0 [0277.506] GetLastError () returned 0x2 [0277.506] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\29903e7f[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\29903e7f[1].css")) returned 0xffffffff [0277.507] SetLastError (dwErrCode=0x2) [0277.507] GetLastError () returned 0x2 [0277.507] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0277.507] LocalFree (hMem=0x92fe20) returned 0x0 [0277.507] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0277.507] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0277.507] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\1\\532febaf[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\1\\532febaf[1].js")) returned 0x2020 [0277.512] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37241826234) returned 1 [0277.512] GetCurrentThreadId () returned 0x1130 [0277.512] GetCurrentThreadId () returned 0x1130 [0277.512] GetCurrentThreadId () returned 0x1130 [0277.512] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UE4<6V(}A7I\"Dh>EFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlEFsLCrdPG7K$jwu,L,$A}XmZlvkILKiH=*IJ}h.", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0278.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0278.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.", cchWideChar=30, lpMultiByteStr=0x250f7e8, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.", lpUsedDefaultChar=0x0) returned 30 [0278.468] GetCurrentThreadId () returned 0x1130 [0278.468] GetCurrentThreadId () returned 0x1130 [0278.468] GetCurrentThreadId () returned 0x1130 [0278.468] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7023c300[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.468] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] malloc (_Size=0x64) returned 0x1d1338 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.471] GetCurrentThreadId () returned 0x1130 [0278.472] GetCurrentThreadId () returned 0x1130 [0278.472] GetCurrentThreadId () returned 0x1130 [0278.472] GetCurrentThreadId () returned 0x1130 [0278.472] free (_Block=0x1d1338) [0278.472] malloc (_Size=0x60) returned 0x1d1338 [0278.472] free (_Block=0x1d1338) [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x111f9 [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x111f9 [0278.472] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.472] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x111f9, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x111f9, lpOverlapped=0x0) returned 1 [0278.475] malloc (_Size=0x8c) returned 0x1d1338 [0278.475] malloc (_Size=0xfc) returned 0x31d7af8 [0278.475] malloc (_Size=0x40) returned 0x1d14e8 [0278.475] GetCurrentThreadId () returned 0x1130 [0278.475] GetCurrentThreadId () returned 0x1130 [0278.475] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.476] malloc (_Size=0x40) returned 0x1d7470 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] GetCurrentThreadId () returned 0x1130 [0278.476] malloc (_Size=0xc) returned 0x31e1dc0 [0278.477] malloc (_Size=0x720) returned 0x31d2860 [0278.477] malloc (_Size=0xe3c) returned 0x1da510 [0278.477] free (_Block=0x31d2860) [0278.477] malloc (_Size=0x15ac) returned 0x1db358 [0278.477] free (_Block=0x1da510) [0278.477] malloc (_Size=0x23e4) returned 0x1dc910 [0278.477] free (_Block=0x1db358) [0278.477] malloc (_Size=0x3274) returned 0x31e40b0 [0278.477] free (_Block=0x1dc910) [0278.480] malloc (_Size=0x4820) returned 0x1da510 [0278.481] free (_Block=0x31e40b0) [0278.481] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.481] free (_Block=0x1da510) [0278.482] malloc (_Size=0x8920) returned 0x31ea5a0 [0278.482] free (_Block=0x31e40b0) [0278.482] malloc (_Size=0xbb90) returned 0x31f2ec8 [0278.483] free (_Block=0x31ea5a0) [0278.483] malloc (_Size=0xfc90) returned 0x31fea60 [0278.484] free (_Block=0x31f2ec8) [0278.484] malloc (_Size=0x1533c) returned 0x31e40b0 [0278.484] free (_Block=0x31fea60) [0278.484] malloc (_Size=0x1c704) returned 0x31f93f8 [0278.484] free (_Block=0x31e40b0) [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] GetCurrentThreadId () returned 0x1130 [0278.485] free (_Block=0x1d9aa8) [0278.485] free (_Block=0x1d14e8) [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.486] GetCurrentThreadId () returned 0x1130 [0278.487] free (_Block=0x31f93f8) [0278.487] free (_Block=0x31e1dc0) [0278.487] free (_Block=0x1d7470) [0278.487] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d8c08*, nNumberOfBytesToWrite=0x17322, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d8c08*, lpNumberOfBytesWritten=0x19fbbc*=0x17322, lpOverlapped=0x0) returned 1 [0278.490] free (_Block=0x31d7af8) [0278.490] free (_Block=0x1d1338) [0278.490] CloseHandle (hObject=0x2b4) returned 1 [0278.490] CloseHandle (hObject=0x404) returned 1 [0278.490] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.490] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.490] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.490] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.491] SetLastError (dwErrCode=0x0) [0278.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", lpFilePart=0x19f9f8*="7023c300[1].js") returned 0x93 [0278.491] GetLastError () returned 0x0 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.491] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.491] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.491] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7023c300[1].js")) returned 1 [0278.494] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x1c1)) [0278.494] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.495] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.495] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.495] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.495] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.495] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.495] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.495] CloseHandle (hObject=0x404) returned 1 [0278.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7023c300[1].js]omgp:[x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0278.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7023c300[1].js]omgp:[x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0278.495] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7023c300[1].js]omgp:[x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.]", cchWideChar=58, lpMultiByteStr=0x2516968, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[7023c300[1].js]omgp:[x+_q_S\"YA:uPH(Y>vkILKiH=*IJ}h.]", lpUsedDefaultChar=0x0) returned 58 [0278.504] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.504] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U=") returned 172 [0278.504] GetCurrentThreadId () returned 0x1130 [0278.505] GetCurrentThreadId () returned 0x1130 [0278.505] GetCurrentThreadId () returned 0x1130 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.505] SetLastError (dwErrCode=0x0) [0278.505] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320") returned 0xd0 [0278.505] GetLastError () returned 0x0 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.505] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.505] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.506] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].wannacash ncov v310320")) returned 0x2020 [0278.506] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [950].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.506] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.506] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.506] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17322 [0278.506] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.506] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.506] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3") returned 197 [0278.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.507] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3") returned 197 [0278.507] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17322 [0278.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:o+wr/IlEgnDkJFhWZwJCbPJl/BUiOKytvGEdbWDLEysda/uUqB+78vMT3KfqIpGmUs7khBresCWkJZj/yBr7zvD6pIu/CTA/Zr7ez5absTbKZKKW3Qrn8LiAXrZ4TJ+ydZI90wk0dSN9q+5+c/ijW8tJTLiAzSJ0m9o0rpMOm1U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.507] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.507] CloseHandle (hObject=0x404) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.508] SetLastError (dwErrCode=0x0) [0278.508] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", lpFilePart=0x19fa34*="7023c300[1].js") returned 0x93 [0278.508] GetLastError () returned 0x0 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=8) returned 1 [0278.508] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js", cchCount2=4) returned 1 [0278.508] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.508] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7023c300[1].js")) returned 0 [0278.508] GetLastError () returned 0x2 [0278.509] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7023c300[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7023c300[1].js")) returned 0xffffffff [0278.509] SetLastError (dwErrCode=0x2) [0278.509] GetLastError () returned 0x2 [0278.509] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.509] LocalFree (hMem=0x92fe20) returned 0x0 [0278.509] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.509] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.521] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7590ff4a[1].js")) returned 0x2020 [0278.522] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37342777274) returned 1 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0278.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0278.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT", lpUsedDefaultChar=0x0) returned 37 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] GetCurrentThreadId () returned 0x1130 [0278.522] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7590ff4a[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.522] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.523] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] malloc (_Size=0x64) returned 0x1d1338 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.524] GetCurrentThreadId () returned 0x1130 [0278.525] GetCurrentThreadId () returned 0x1130 [0278.525] GetCurrentThreadId () returned 0x1130 [0278.525] GetCurrentThreadId () returned 0x1130 [0278.525] free (_Block=0x1d1338) [0278.525] malloc (_Size=0x60) returned 0x1d1338 [0278.525] free (_Block=0x1d1338) [0278.525] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.525] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e54 [0278.526] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.526] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.526] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e54 [0278.526] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.526] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3e54, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3e54, lpOverlapped=0x0) returned 1 [0278.528] malloc (_Size=0x8c) returned 0x1d1338 [0278.528] malloc (_Size=0xfc) returned 0x31d7d08 [0278.528] malloc (_Size=0x40) returned 0x1d14e8 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.528] GetCurrentThreadId () returned 0x1130 [0278.529] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.529] malloc (_Size=0x40) returned 0x1d7470 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] GetCurrentThreadId () returned 0x1130 [0278.529] malloc (_Size=0xc) returned 0x31e1ca0 [0278.529] malloc (_Size=0x720) returned 0x31d2860 [0278.529] malloc (_Size=0xe3c) returned 0x1da510 [0278.529] free (_Block=0x31d2860) [0278.529] malloc (_Size=0x15ac) returned 0x1db358 [0278.529] free (_Block=0x1da510) [0278.530] malloc (_Size=0x23e4) returned 0x1dc910 [0278.530] free (_Block=0x1db358) [0278.530] malloc (_Size=0x3274) returned 0x31e40b0 [0278.530] free (_Block=0x1dc910) [0278.531] malloc (_Size=0x4820) returned 0x1da510 [0278.532] free (_Block=0x31e40b0) [0278.532] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.533] free (_Block=0x1da510) [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] free (_Block=0x1d9aa8) [0278.533] free (_Block=0x1d14e8) [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.533] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] GetCurrentThreadId () returned 0x1130 [0278.534] free (_Block=0x31e40b0) [0278.535] free (_Block=0x31e1ca0) [0278.535] free (_Block=0x1d7470) [0278.535] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be608*, nNumberOfBytesToWrite=0x548d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be608*, lpNumberOfBytesWritten=0x19fbbc*=0x548d, lpOverlapped=0x0) returned 1 [0278.537] free (_Block=0x31d7d08) [0278.537] free (_Block=0x1d1338) [0278.537] CloseHandle (hObject=0x2b4) returned 1 [0278.537] CloseHandle (hObject=0x404) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.537] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.537] SetLastError (dwErrCode=0x0) [0278.538] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", lpFilePart=0x19f9f8*="7590ff4a[1].js") returned 0x93 [0278.538] GetLastError () returned 0x0 [0278.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.538] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.538] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7590ff4a[1].js")) returned 1 [0278.540] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x1f0)) [0278.540] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.540] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.540] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.540] CloseHandle (hObject=0x404) returned 1 [0278.541] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7590ff4a[1].js]omgp:[hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0278.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7590ff4a[1].js]omgp:[hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0278.542] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[7590ff4a[1].js]omgp:[hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT]", cchWideChar=65, lpMultiByteStr=0x2541be8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[7590ff4a[1].js]omgp:[hr%&Q||V##A^5S?^?NYf(kRJN4k?-J-(7/FRT]", lpUsedDefaultChar=0x0) returned 65 [0278.551] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.551] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA=") returned 172 [0278.551] GetCurrentThreadId () returned 0x1130 [0278.551] GetCurrentThreadId () returned 0x1130 [0278.551] GetCurrentThreadId () returned 0x1130 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.551] SetLastError (dwErrCode=0x0) [0278.551] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320") returned 0xd0 [0278.551] GetLastError () returned 0x0 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.551] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.552] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.552] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.552] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].wannacash ncov v310320")) returned 0x2020 [0278.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [951].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.552] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x548d [0278.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.553] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.553] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.553] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3") returned 197 [0278.553] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.553] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3") returned 197 [0278.553] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x548d [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.553] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:/E0VSykwsS5jGfMU9bMCHXwPHS71UbqOSXkgPFWGEgp3rQHliaXcr2pM0xwd73kACcVbBZwFcLpHh2mwiDhVyRa7yP676TAE3Cx9BQp7ZmOY9SoPYU+y33aRgYHRXnylNWA1FHp8ICFVh3ZlUl4/b64FOa5DAMXtcL9wc7/PsVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.553] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.554] CloseHandle (hObject=0x404) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.554] SetLastError (dwErrCode=0x0) [0278.554] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", lpFilePart=0x19fa34*="7590ff4a[1].js") returned 0x93 [0278.554] GetLastError () returned 0x0 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=8) returned 1 [0278.554] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js", cchCount2=4) returned 1 [0278.554] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.555] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7590ff4a[1].js")) returned 0 [0278.555] GetLastError () returned 0x2 [0278.555] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\7590ff4a[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\7590ff4a[1].js")) returned 0xffffffff [0278.555] SetLastError (dwErrCode=0x2) [0278.555] GetLastError () returned 0x2 [0278.555] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.555] LocalFree (hMem=0x92fe20) returned 0x0 [0278.555] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.555] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.556] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\9101d3f2[1].js")) returned 0x2020 [0278.562] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37346790058) returned 1 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0278.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag", cchWideChar=26, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0278.562] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag", cchWideChar=26, lpMultiByteStr=0x2508ee8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag", lpUsedDefaultChar=0x0) returned 26 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] GetCurrentThreadId () returned 0x1130 [0278.562] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\9101d3f2[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.562] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.563] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] malloc (_Size=0x64) returned 0x1d1338 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] GetCurrentThreadId () returned 0x1130 [0278.564] free (_Block=0x1d1338) [0278.564] malloc (_Size=0x60) returned 0x1d1338 [0278.564] free (_Block=0x1d1338) [0278.564] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.565] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x48d2 [0278.565] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.565] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.565] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x48d2 [0278.565] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.565] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x48d2, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x48d2, lpOverlapped=0x0) returned 1 [0278.567] malloc (_Size=0x8c) returned 0x1d1338 [0278.568] malloc (_Size=0xfc) returned 0x31d77e0 [0278.568] malloc (_Size=0x40) returned 0x1d14e8 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] GetCurrentThreadId () returned 0x1130 [0278.568] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.569] malloc (_Size=0x40) returned 0x1d7470 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] GetCurrentThreadId () returned 0x1130 [0278.569] malloc (_Size=0xc) returned 0x31e1dc0 [0278.569] malloc (_Size=0x720) returned 0x31d2860 [0278.569] malloc (_Size=0xe3c) returned 0x1da510 [0278.569] free (_Block=0x31d2860) [0278.570] malloc (_Size=0x15ac) returned 0x1db358 [0278.570] free (_Block=0x1da510) [0278.570] malloc (_Size=0x23e4) returned 0x1dc910 [0278.570] free (_Block=0x1db358) [0278.570] malloc (_Size=0x3274) returned 0x31e40b0 [0278.571] free (_Block=0x1dc910) [0278.571] malloc (_Size=0x4820) returned 0x1da510 [0278.571] free (_Block=0x31e40b0) [0278.571] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.571] free (_Block=0x1da510) [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.571] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.572] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] free (_Block=0x1d9aa8) [0278.573] free (_Block=0x1d14e8) [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.573] GetCurrentThreadId () returned 0x1130 [0278.574] free (_Block=0x31e40b0) [0278.574] free (_Block=0x31e1dc0) [0278.574] free (_Block=0x1d7470) [0278.574] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bfa08*, nNumberOfBytesToWrite=0x62c5, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bfa08*, lpNumberOfBytesWritten=0x19fbbc*=0x62c5, lpOverlapped=0x0) returned 1 [0278.576] free (_Block=0x31d77e0) [0278.576] free (_Block=0x1d1338) [0278.576] CloseHandle (hObject=0x2b4) returned 1 [0278.577] CloseHandle (hObject=0x404) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.577] SetLastError (dwErrCode=0x0) [0278.577] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", lpFilePart=0x19f9f8*="9101d3f2[1].js") returned 0x93 [0278.577] GetLastError () returned 0x0 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.578] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\9101d3f2[1].js")) returned 1 [0278.579] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x21f)) [0278.580] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.580] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.580] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.580] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.580] CloseHandle (hObject=0x404) returned 1 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9101d3f2[1].js]omgp:[UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9101d3f2[1].js]omgp:[UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag]", cchWideChar=54, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0278.580] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[9101d3f2[1].js]omgp:[UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag]", cchWideChar=54, lpMultiByteStr=0x25169f8, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[9101d3f2[1].js]omgp:[UcRz5^_oVg&7:Sr7@H|pQ\"N\"ag]", lpUsedDefaultChar=0x0) returned 54 [0278.590] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.590] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs=") returned 172 [0278.590] GetCurrentThreadId () returned 0x1130 [0278.590] GetCurrentThreadId () returned 0x1130 [0278.590] GetCurrentThreadId () returned 0x1130 [0278.590] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.590] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.590] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.591] SetLastError (dwErrCode=0x0) [0278.591] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320") returned 0xd0 [0278.591] GetLastError () returned 0x0 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.591] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.591] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.591] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].wannacash ncov v310320")) returned 0x2020 [0278.591] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [952].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.592] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.592] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.592] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x62c5 [0278.592] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.592] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.592] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.592] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.592] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.593] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3") returned 197 [0278.593] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.593] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3") returned 197 [0278.593] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x62c5 [0278.593] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.593] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.593] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:uKQ3j2kLPf56PMXGvW6K550rvAMnLXIBzUUc+kNfZc5JLkEfTc/LMgeanB0/edywqltUmeQaWSlH7EGGso8gRMwWevgKW/aJvfZAlk8sz/rWWrLHlZk9kvKjycCHUpqfP/AScEwP/QyASwE6iOP/QCOeJ6o8V/TnaZJOAGzspWs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.593] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.593] CloseHandle (hObject=0x404) returned 1 [0278.593] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.593] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.593] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.594] SetLastError (dwErrCode=0x0) [0278.594] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", lpFilePart=0x19fa34*="9101d3f2[1].js") returned 0x93 [0278.594] GetLastError () returned 0x0 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=8) returned 1 [0278.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js", cchCount2=4) returned 1 [0278.594] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.594] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\9101d3f2[1].js")) returned 0 [0278.594] GetLastError () returned 0x2 [0278.594] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\9101d3f2[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\9101d3f2[1].js")) returned 0xffffffff [0278.594] SetLastError (dwErrCode=0x2) [0278.594] GetLastError () returned 0x2 [0278.595] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.595] LocalFree (hMem=0x92fe20) returned 0x0 [0278.595] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.595] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.595] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\a110dd27[1].css")) returned 0x2020 [0278.596] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37350218217) returned 1 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0278.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0278.596] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1", cchWideChar=34, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="p/~Z<(}&AcUMFâ\x84\x96;S+Hk{j|9ohk>aIv?pQ1@óP\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 36 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] GetCurrentThreadId () returned 0x1130 [0278.596] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\a110dd27[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.597] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] malloc (_Size=0x64) returned 0x1d1338 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.598] GetCurrentThreadId () returned 0x1130 [0278.599] GetCurrentThreadId () returned 0x1130 [0278.599] GetCurrentThreadId () returned 0x1130 [0278.599] GetCurrentThreadId () returned 0x1130 [0278.599] GetCurrentThreadId () returned 0x1130 [0278.599] free (_Block=0x1d1338) [0278.599] malloc (_Size=0x60) returned 0x1d1338 [0278.599] free (_Block=0x1d1338) [0278.599] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.599] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4dba [0278.599] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.599] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4dba [0278.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.600] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x4dba, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x4dba, lpOverlapped=0x0) returned 1 [0278.611] malloc (_Size=0x8c) returned 0x1d1338 [0278.611] malloc (_Size=0xfc) returned 0x31d78e8 [0278.611] malloc (_Size=0x40) returned 0x1d14e8 [0278.611] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] GetCurrentThreadId () returned 0x1130 [0278.612] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.613] malloc (_Size=0x40) returned 0x1d7470 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] GetCurrentThreadId () returned 0x1130 [0278.613] malloc (_Size=0xc) returned 0x31e1dc0 [0278.614] malloc (_Size=0x720) returned 0x31d2860 [0278.614] malloc (_Size=0xe3c) returned 0x1da510 [0278.614] free (_Block=0x31d2860) [0278.614] malloc (_Size=0x15ac) returned 0x1db358 [0278.614] free (_Block=0x1da510) [0278.614] malloc (_Size=0x23e4) returned 0x1dc910 [0278.614] free (_Block=0x1db358) [0278.614] malloc (_Size=0x3274) returned 0x31e40b0 [0278.615] free (_Block=0x1dc910) [0278.615] malloc (_Size=0x4820) returned 0x1da510 [0278.615] free (_Block=0x31e40b0) [0278.615] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.616] free (_Block=0x1da510) [0278.616] malloc (_Size=0x8920) returned 0x31ea5a0 [0278.616] free (_Block=0x31e40b0) [0278.616] GetCurrentThreadId () returned 0x1130 [0278.616] GetCurrentThreadId () returned 0x1130 [0278.616] GetCurrentThreadId () returned 0x1130 [0278.616] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] free (_Block=0x1d9aa8) [0278.617] free (_Block=0x1d14e8) [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.617] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] GetCurrentThreadId () returned 0x1130 [0278.618] free (_Block=0x31ea5a0) [0278.619] free (_Block=0x31e1dc0) [0278.619] free (_Block=0x1d7470) [0278.619] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c0408*, nNumberOfBytesToWrite=0x695f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c0408*, lpNumberOfBytesWritten=0x19fbbc*=0x695f, lpOverlapped=0x0) returned 1 [0278.622] free (_Block=0x31d78e8) [0278.622] free (_Block=0x1d1338) [0278.622] CloseHandle (hObject=0x2b4) returned 1 [0278.622] CloseHandle (hObject=0x404) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.622] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.622] SetLastError (dwErrCode=0x0) [0278.623] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", lpFilePart=0x19f9f8*="a110dd27[1].css") returned 0x94 [0278.623] GetLastError () returned 0x0 [0278.623] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.623] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.623] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.623] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.623] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.623] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\a110dd27[1].css")) returned 1 [0278.625] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x24e)) [0278.625] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.625] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.625] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.625] CloseHandle (hObject=0x404) returned 1 [0278.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[a110dd27[1].css]omgp:[p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0278.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[a110dd27[1].css]omgp:[p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0278.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[a110dd27[1].css]omgp:[p/~Z<(}&AcUMF№;S+Hk{j|9ohk>aIv?pQ1]", cchWideChar=63, lpMultiByteStr=0x2541be8, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[a110dd27[1].css]omgp:[p/~Z<(}&AcUMF?;S+Hk{j|9ohk>aIv?pQ1]T]", lpUsedDefaultChar=0x0) returned 63 [0278.633] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.633] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc=") returned 172 [0278.633] GetCurrentThreadId () returned 0x1130 [0278.634] GetCurrentThreadId () returned 0x1130 [0278.634] GetCurrentThreadId () returned 0x1130 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.634] SetLastError (dwErrCode=0x0) [0278.634] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320") returned 0xd0 [0278.634] GetLastError () returned 0x0 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.634] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.635] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].wannacash ncov v310320")) returned 0x2020 [0278.635] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [953].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.635] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.635] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.635] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x695f [0278.635] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.635] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.635] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.636] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.636] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.636] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3") returned 197 [0278.636] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.636] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3") returned 197 [0278.636] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x695f [0278.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.636] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:qbdi2LMl9AQjBwh2f/n2avGoN/vRUHuX9fIgDHiV43WFU0BlsBMTxQPTwbtAkjB+94VpCSe7AIqw1t9mOw80DWYFeeC5QZf8pTVfZ1f1mZP9TduBKMWbk94ChP7sIx3WukNdxNibfEdrunQucxbYbVjYHabH/tEFZevlQQRN4Yc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.636] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.636] CloseHandle (hObject=0x404) returned 1 [0278.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.637] SetLastError (dwErrCode=0x0) [0278.637] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", lpFilePart=0x19fa34*="a110dd27[1].css") returned 0x94 [0278.637] GetLastError () returned 0x0 [0278.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=8) returned 1 [0278.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css", cchCount2=4) returned 1 [0278.637] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.637] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\a110dd27[1].css")) returned 0 [0278.637] GetLastError () returned 0x2 [0278.637] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\a110dd27[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\a110dd27[1].css")) returned 0xffffffff [0278.637] SetLastError (dwErrCode=0x2) [0278.637] GetLastError () returned 0x2 [0278.637] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.637] LocalFree (hMem=0x92fe20) returned 0x0 [0278.637] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.638] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.638] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\cf4a24b4[1].js")) returned 0x2020 [0278.638] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37354452891) returned 1 [0278.638] GetCurrentThreadId () returned 0x1130 [0278.638] GetCurrentThreadId () returned 0x1130 [0278.639] GetCurrentThreadId () returned 0x1130 [0278.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="//KE)7A-IC№wxp@i{_Ow;#9P>Py", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0278.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="//KE)7A-IC№wxp@i{_Ow;#9P>Py", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0278.639] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="//KE)7A-IC№wxp@i{_Ow;#9P>Py", cchWideChar=27, lpMultiByteStr=0x250f7e8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="//KE)7A-ICâ\x84\x96wxp@i{_Ow;#9P>Py", lpUsedDefaultChar=0x0) returned 29 [0278.639] GetCurrentThreadId () returned 0x1130 [0278.639] GetCurrentThreadId () returned 0x1130 [0278.639] GetCurrentThreadId () returned 0x1130 [0278.639] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\cf4a24b4[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.639] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] malloc (_Size=0x64) returned 0x1d1338 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.640] GetCurrentThreadId () returned 0x1130 [0278.641] GetCurrentThreadId () returned 0x1130 [0278.641] GetCurrentThreadId () returned 0x1130 [0278.641] GetCurrentThreadId () returned 0x1130 [0278.641] free (_Block=0x1d1338) [0278.641] malloc (_Size=0x60) returned 0x1d1338 [0278.641] free (_Block=0x1d1338) [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27e1f [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x27e1f [0278.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.641] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x27e1f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x27e1f, lpOverlapped=0x0) returned 1 [0278.643] malloc (_Size=0x8c) returned 0x1d1338 [0278.643] malloc (_Size=0xfc) returned 0x31d7f18 [0278.644] malloc (_Size=0x40) returned 0x1d14e8 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] GetCurrentThreadId () returned 0x1130 [0278.644] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.645] malloc (_Size=0x40) returned 0x1d7470 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] GetCurrentThreadId () returned 0x1130 [0278.645] malloc (_Size=0xc) returned 0x31e1e80 [0278.645] malloc (_Size=0x720) returned 0x31d2860 [0278.645] malloc (_Size=0xe3c) returned 0x1da510 [0278.645] free (_Block=0x31d2860) [0278.646] malloc (_Size=0x15ac) returned 0x1db358 [0278.646] free (_Block=0x1da510) [0278.646] malloc (_Size=0x23e4) returned 0x1dc910 [0278.646] free (_Block=0x1db358) [0278.646] malloc (_Size=0x3274) returned 0x31e40b0 [0278.647] free (_Block=0x1dc910) [0278.647] malloc (_Size=0x4820) returned 0x1da510 [0278.647] free (_Block=0x31e40b0) [0278.647] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.647] free (_Block=0x1da510) [0278.647] malloc (_Size=0x8920) returned 0x31ea5a0 [0278.648] free (_Block=0x31e40b0) [0278.649] malloc (_Size=0xbb90) returned 0x31f2ec8 [0278.650] free (_Block=0x31ea5a0) [0278.685] malloc (_Size=0xfc90) returned 0x31fea60 [0278.686] free (_Block=0x31f2ec8) [0278.687] malloc (_Size=0x1533c) returned 0x31e40b0 [0278.688] free (_Block=0x31fea60) [0278.688] malloc (_Size=0x1c704) returned 0x31f93f8 [0278.688] free (_Block=0x31e40b0) [0278.688] malloc (_Size=0x265c8) returned 0x3a60048 [0278.690] free (_Block=0x31f93f8) [0278.691] malloc (_Size=0x33758) returned 0x31e40b0 [0278.691] free (_Block=0x3a60048) [0278.691] malloc (_Size=0x45104) returned 0x3a60048 [0278.692] free (_Block=0x31e40b0) [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.692] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] free (_Block=0x1d9aa8) [0278.693] free (_Block=0x1d14e8) [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.693] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.694] GetCurrentThreadId () returned 0x1130 [0278.695] free (_Block=0x3a60048) [0278.695] free (_Block=0x31e1e80) [0278.695] free (_Block=0x1d7470) [0278.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x3a06508*, nNumberOfBytesToWrite=0x36038, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x3a06508*, lpNumberOfBytesWritten=0x19fbbc*=0x36038, lpOverlapped=0x0) returned 1 [0278.701] free (_Block=0x31d7f18) [0278.701] free (_Block=0x1d1338) [0278.701] CloseHandle (hObject=0x2b4) returned 1 [0278.701] CloseHandle (hObject=0x404) returned 1 [0278.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.701] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.702] SetLastError (dwErrCode=0x0) [0278.702] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", lpFilePart=0x19f9f8*="cf4a24b4[1].js") returned 0x93 [0278.702] GetLastError () returned 0x0 [0278.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.702] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.702] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.702] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\cf4a24b4[1].js")) returned 1 [0278.704] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x29c)) [0278.704] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.704] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.704] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.704] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.705] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.705] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.705] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.705] CloseHandle (hObject=0x404) returned 1 [0278.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cf4a24b4[1].js]omgp:[//KE)7A-IC№wxp@i{_Ow;#9P>Py]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0278.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cf4a24b4[1].js]omgp:[//KE)7A-IC№wxp@i{_Ow;#9P>Py]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0278.705] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[cf4a24b4[1].js]omgp:[//KE)7A-IC№wxp@i{_Ow;#9P>Py]", cchWideChar=55, lpMultiByteStr=0x2516b60, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[cf4a24b4[1].js]omgp:[//KE)7A-IC?wxp@i{_Ow;#9P>Py]", lpUsedDefaultChar=0x0) returned 55 [0278.713] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.713] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4=") returned 172 [0278.714] GetCurrentThreadId () returned 0x1130 [0278.714] GetCurrentThreadId () returned 0x1130 [0278.714] GetCurrentThreadId () returned 0x1130 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.714] SetLastError (dwErrCode=0x0) [0278.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320") returned 0xd0 [0278.714] GetLastError () returned 0x0 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.714] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.714] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.714] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].wannacash ncov v310320")) returned 0x2020 [0278.714] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [954].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x36038 [0278.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.715] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.715] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3") returned 197 [0278.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.715] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3") returned 197 [0278.715] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x36038 [0278.715] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.716] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VXRF6v95Os/GROuCxutFH05hD2gdPUIFRyCYOPyFA6CBv0kgivdhA053j57RZsVAk4xGVBwulCJ6S0Zd4a6K3LXJOZGv5mGmfaWpQ7IPaFL0bnWf7CYMHtE2qPMvWdKpkVoH9qFLBFhaWD0N+UUXPrSZDNWVkgDfX+xnBWHfZD4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.716] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.716] CloseHandle (hObject=0x404) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.716] SetLastError (dwErrCode=0x0) [0278.716] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", lpFilePart=0x19fa34*="cf4a24b4[1].js") returned 0x93 [0278.716] GetLastError () returned 0x0 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.716] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=8) returned 1 [0278.717] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js", cchCount2=4) returned 1 [0278.717] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.717] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\cf4a24b4[1].js")) returned 0 [0278.717] GetLastError () returned 0x2 [0278.717] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\cf4a24b4[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\cf4a24b4[1].js")) returned 0xffffffff [0278.717] SetLastError (dwErrCode=0x2) [0278.717] GetLastError () returned 0x2 [0278.717] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.717] LocalFree (hMem=0x92fe20) returned 0x0 [0278.717] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.718] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.718] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\container.dat")) returned 0x2026 [0278.729] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37363501084) returned 1 [0278.729] GetCurrentThreadId () returned 0x1130 [0278.729] GetCurrentThreadId () returned 0x1130 [0278.729] GetCurrentThreadId () returned 0x1130 [0278.729] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="8#9t~+NP^m?FZ$№$iM`y6Ty?B~a+~!X", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0278.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№?p-F});\\1p\"5Ub6jlg.>?FZ$№$iM`y6Ty?B~a+~!X", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0278.754] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№?p-F});\\1p\"5Ub6jlg.>?FZ$№$iM`y6Ty?B~a+~!X", cchWideChar=42, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="â\x84\x96?p-F});\\1p\"5Ub6jlg.>?FZ$â\x84\x96$iM`y6Ty?B~a+~!X", lpUsedDefaultChar=0x0) returned 46 [0278.754] GetCurrentThreadId () returned 0x1130 [0278.754] GetCurrentThreadId () returned 0x1130 [0278.754] GetCurrentThreadId () returned 0x1130 [0278.754] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d1fe715e[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.754] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] malloc (_Size=0x64) returned 0x1d1338 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] GetCurrentThreadId () returned 0x1130 [0278.755] free (_Block=0x1d1338) [0278.755] malloc (_Size=0x60) returned 0x1d1338 [0278.756] free (_Block=0x1d1338) [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x98fb [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x98fb [0278.756] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.756] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x98fb, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x98fb, lpOverlapped=0x0) returned 1 [0278.758] malloc (_Size=0x8c) returned 0x1d1338 [0278.758] malloc (_Size=0xfc) returned 0x31d7c00 [0278.759] malloc (_Size=0x40) returned 0x1d14e8 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] GetCurrentThreadId () returned 0x1130 [0278.759] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.760] malloc (_Size=0x40) returned 0x1d7470 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] GetCurrentThreadId () returned 0x1130 [0278.760] malloc (_Size=0xc) returned 0x31e1e98 [0278.761] malloc (_Size=0x720) returned 0x31d2860 [0278.761] malloc (_Size=0xe3c) returned 0x1da510 [0278.761] free (_Block=0x31d2860) [0278.761] malloc (_Size=0x15ac) returned 0x1db358 [0278.761] free (_Block=0x1da510) [0278.761] malloc (_Size=0x23e4) returned 0x1dc910 [0278.761] free (_Block=0x1db358) [0278.761] malloc (_Size=0x3274) returned 0x31e40b0 [0278.762] free (_Block=0x1dc910) [0278.762] malloc (_Size=0x4820) returned 0x1da510 [0278.762] free (_Block=0x31e40b0) [0278.762] malloc (_Size=0x64e4) returned 0x31e40b0 [0278.763] free (_Block=0x1da510) [0278.763] malloc (_Size=0x8920) returned 0x31ea5a0 [0278.764] free (_Block=0x31e40b0) [0278.764] malloc (_Size=0xbb90) returned 0x31f2ec8 [0278.765] free (_Block=0x31ea5a0) [0278.765] malloc (_Size=0xfc90) returned 0x31fea60 [0278.766] free (_Block=0x31f2ec8) [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.766] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] free (_Block=0x1d9aa8) [0278.767] free (_Block=0x1d14e8) [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.767] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.768] GetCurrentThreadId () returned 0x1130 [0278.769] free (_Block=0x31fea60) [0278.769] free (_Block=0x31e1e98) [0278.769] free (_Block=0x1d7470) [0278.769] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c9a08*, nNumberOfBytesToWrite=0xcf49, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c9a08*, lpNumberOfBytesWritten=0x19fbbc*=0xcf49, lpOverlapped=0x0) returned 1 [0278.771] free (_Block=0x31d7c00) [0278.771] free (_Block=0x1d1338) [0278.771] CloseHandle (hObject=0x2b4) returned 1 [0278.771] CloseHandle (hObject=0x404) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.772] SetLastError (dwErrCode=0x0) [0278.772] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", lpFilePart=0x19f9f8*="d1fe715e[1].js") returned 0x93 [0278.772] GetLastError () returned 0x0 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.772] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.772] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.772] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d1fe715e[1].js")) returned 1 [0278.774] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x2da)) [0278.774] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.775] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.775] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.775] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.775] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.808] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.808] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.808] CloseHandle (hObject=0x404) returned 1 [0278.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1fe715e[1].js]omgp:[№?p-F});\\1p\"5Ub6jlg.>?FZ$№$iM`y6Ty?B~a+~!X]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0278.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1fe715e[1].js]omgp:[№?p-F});\\1p\"5Ub6jlg.>?FZ$№$iM`y6Ty?B~a+~!X]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0278.808] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d1fe715e[1].js]omgp:[№?p-F});\\1p\"5Ub6jlg.>?FZ$№$iM`y6Ty?B~a+~!X]", cchWideChar=70, lpMultiByteStr=0x252c708, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[d1fe715e[1].js]omgp:[??p-F});\\1p\"5Ub6jlg.>?FZ$?$iM`y6Ty?B~a+~!X]", lpUsedDefaultChar=0x0) returned 70 [0278.814] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.814] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc=") returned 172 [0278.814] GetCurrentThreadId () returned 0x1130 [0278.814] GetCurrentThreadId () returned 0x1130 [0278.814] GetCurrentThreadId () returned 0x1130 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.815] SetLastError (dwErrCode=0x0) [0278.815] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320") returned 0xd0 [0278.815] GetLastError () returned 0x0 [0278.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.815] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.815] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.815] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].wannacash ncov v310320")) returned 0x2020 [0278.815] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [956].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.815] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.815] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.815] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xcf49 [0278.815] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.816] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3") returned 197 [0278.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.816] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3") returned 197 [0278.816] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xcf49 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.816] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:oYHLLZT2s2DxO+ZR9fLo0VQz6FzuJ34KBVoZ+0VBlmbDVCFUxNeC9n44NEx2fQQKXeG4glan0stzJSscYDEqB/CUvPL0dsLJGFIf5jCYIY92brpP7ygH1u5STwe23Fikhx7AzxSjrEbuwWP/GzBgrRjQuho3b9Xw+o3DcE4wcBc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.816] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.817] CloseHandle (hObject=0x404) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.817] SetLastError (dwErrCode=0x0) [0278.817] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", lpFilePart=0x19fa34*="d1fe715e[1].js") returned 0x93 [0278.817] GetLastError () returned 0x0 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=8) returned 1 [0278.817] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js", cchCount2=4) returned 1 [0278.817] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.817] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d1fe715e[1].js")) returned 0 [0278.817] GetLastError () returned 0x2 [0278.817] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d1fe715e[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d1fe715e[1].js")) returned 0xffffffff [0278.817] SetLastError (dwErrCode=0x2) [0278.817] GetLastError () returned 0x2 [0278.817] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.818] LocalFree (hMem=0x92fe20) returned 0x0 [0278.818] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.818] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.818] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d6ca66fc[1].css")) returned 0x2020 [0278.819] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37372487824) returned 1 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0278.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0278.819] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo", cchWideChar=43, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo", lpUsedDefaultChar=0x0) returned 43 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] GetCurrentThreadId () returned 0x1130 [0278.819] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d6ca66fc[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.819] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.820] malloc (_Size=0x64) returned 0x1d1338 [0278.820] GetCurrentThreadId () returned 0x1130 [0278.821] GetCurrentThreadId () returned 0x1130 [0278.821] GetCurrentThreadId () returned 0x1130 [0278.821] GetCurrentThreadId () returned 0x1130 [0278.821] GetCurrentThreadId () returned 0x1130 [0278.821] GetCurrentThreadId () returned 0x1130 [0278.821] free (_Block=0x1d1338) [0278.821] malloc (_Size=0x60) returned 0x1d1338 [0278.821] free (_Block=0x1d1338) [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x14ed [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x14ed [0278.821] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0278.821] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x14ed, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x14ed, lpOverlapped=0x0) returned 1 [0278.824] malloc (_Size=0x8c) returned 0x1d1338 [0278.824] malloc (_Size=0xfc) returned 0x31d71b0 [0278.824] malloc (_Size=0x40) returned 0x1d14e8 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.824] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] malloc (_Size=0xa5c) returned 0x1d9aa8 [0278.825] malloc (_Size=0x40) returned 0x1d7470 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] GetCurrentThreadId () returned 0x1130 [0278.825] malloc (_Size=0xc) returned 0x31e1d18 [0278.825] malloc (_Size=0x720) returned 0x31d2860 [0278.825] malloc (_Size=0xe3c) returned 0x1da510 [0278.826] free (_Block=0x31d2860) [0278.826] malloc (_Size=0x15ac) returned 0x1db358 [0278.826] free (_Block=0x1da510) [0278.826] malloc (_Size=0x23e4) returned 0x1dc910 [0278.826] free (_Block=0x1db358) [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.826] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] free (_Block=0x1d9aa8) [0278.827] free (_Block=0x1d14e8) [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.827] GetCurrentThreadId () returned 0x1130 [0278.828] free (_Block=0x1dc910) [0278.829] free (_Block=0x31e1d18) [0278.829] free (_Block=0x1d7470) [0278.829] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b9208*, nNumberOfBytesToWrite=0x1c70, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b9208*, lpNumberOfBytesWritten=0x19fbbc*=0x1c70, lpOverlapped=0x0) returned 1 [0278.830] free (_Block=0x31d71b0) [0278.830] free (_Block=0x1d1338) [0278.830] CloseHandle (hObject=0x2b4) returned 1 [0278.831] CloseHandle (hObject=0x404) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.831] SetLastError (dwErrCode=0x0) [0278.831] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", lpFilePart=0x19f9f8*="d6ca66fc[1].css") returned 0x94 [0278.831] GetLastError () returned 0x0 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.831] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.831] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.832] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d6ca66fc[1].css")) returned 1 [0278.833] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x36, wMilliseconds=0x319)) [0278.833] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0278.834] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0278.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0278.835] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0278.835] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0278.836] CloseHandle (hObject=0x404) returned 1 [0278.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d6ca66fc[1].css]omgp:[.tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0278.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d6ca66fc[1].css]omgp:[.tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0278.836] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[d6ca66fc[1].css]omgp:[.tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo]", cchWideChar=72, lpMultiByteStr=0x252c708, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[d6ca66fc[1].css]omgp:[.tcC@2smZz5BcGj;WypF=6tWt6Ov$|nPp8}&<94`EBo]", lpUsedDefaultChar=0x0) returned 72 [0278.845] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0278.845] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA=") returned 172 [0278.845] GetCurrentThreadId () returned 0x1130 [0278.845] GetCurrentThreadId () returned 0x1130 [0278.845] GetCurrentThreadId () returned 0x1130 [0278.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.845] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.846] SetLastError (dwErrCode=0x0) [0278.846] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320") returned 0xd0 [0278.846] GetLastError () returned 0x0 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0278.846] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0278.846] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.846] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].wannacash ncov v310320")) returned 0x2020 [0278.846] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\Файл зашифрован. Пиши. Почта clubnika@elude.in [957].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0278.847] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0278.847] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.847] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1c70 [0278.847] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0278.847] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.847] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.847] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.847] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.847] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3") returned 197 [0278.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0278.848] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3") returned 197 [0278.848] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1c70 [0278.848] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.848] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0278.848] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:O0aUOoGuIZzY1WqExMA8czIcufxG7WtFiVyshCkTZom+TaphjmQNLEsFjczpO1bjfz5eByLcFYFQ6EWxPyZaSXOT1r2NiNFZFDuqE7Y7W6asAtCIYpOalitn2Rgyicu2h3W3ZIs2ekv51WQ4Aqz7TPlmHllg/MjUSqCvy80cFVA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0278.848] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0278.848] CloseHandle (hObject=0x404) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.848] SetLastError (dwErrCode=0x0) [0278.849] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", lpFilePart=0x19fa34*="d6ca66fc[1].css") returned 0x94 [0278.849] GetLastError () returned 0x0 [0278.849] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.849] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.849] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=8) returned 1 [0278.849] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css", cchCount2=4) returned 1 [0278.849] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3")) returned 0x2016 [0278.849] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d6ca66fc[1].css")) returned 0 [0278.849] GetLastError () returned 0x2 [0278.849] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\d6ca66fc[1].css" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\d6ca66fc[1].css")) returned 0xffffffff [0278.849] SetLastError (dwErrCode=0x2) [0278.849] GetLastError () returned 0x2 [0278.849] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0278.849] LocalFree (hMem=0x92fe20) returned 0x0 [0278.849] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0278.850] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0278.850] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\AppCache\\VCC8D03D\\3\\e7f9dc5e[1].js" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\appcache\\vcc8d03d\\3\\e7f9dc5e[1].js")) returned 0x2020 [0278.850] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37375648958) returned 1 [0278.850] GetCurrentThreadId () returned 0x1130 [0278.850] GetCurrentThreadId () returned 0x1130 [0278.850] GetCurrentThreadId () returned 0x1130 [0278.851] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="k&i_WW+-ybE@JrhIV_11B", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0279.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xv\"beaFdBVB", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0279.183] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xv\"beaFdBVB", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xv\"beaFdBVB", lpUsedDefaultChar=0x0) returned 48 [0279.183] GetCurrentThreadId () returned 0x1130 [0279.183] GetCurrentThreadId () returned 0x1130 [0279.183] GetCurrentThreadId () returned 0x1130 [0279.183] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.183] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] malloc (_Size=0x64) returned 0x1d1338 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.195] GetCurrentThreadId () returned 0x1130 [0279.196] GetCurrentThreadId () returned 0x1130 [0279.196] GetCurrentThreadId () returned 0x1130 [0279.196] GetCurrentThreadId () returned 0x1130 [0279.196] GetCurrentThreadId () returned 0x1130 [0279.196] free (_Block=0x1d1338) [0279.196] malloc (_Size=0x60) returned 0x1d1338 [0279.196] free (_Block=0x1d1338) [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.196] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.197] malloc (_Size=0x8c) returned 0x1d1338 [0279.197] malloc (_Size=0xfc) returned 0x31d77e0 [0279.197] malloc (_Size=0x40) returned 0x1d14e8 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.197] malloc (_Size=0x40) returned 0x1d7470 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.197] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] GetCurrentThreadId () returned 0x1130 [0279.269] malloc (_Size=0xc) returned 0x31e1d18 [0279.270] malloc (_Size=0x40) returned 0x1d74b8 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] free (_Block=0x1d9aa8) [0279.270] free (_Block=0x1d14e8) [0279.270] GetCurrentThreadId () returned 0x1130 [0279.270] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] GetCurrentThreadId () returned 0x1130 [0279.271] free (_Block=0x1d74b8) [0279.271] free (_Block=0x31e1d18) [0279.271] free (_Block=0x1d7470) [0279.271] WriteFile (in: hFile=0x2b4, lpBuffer=0x2533798*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2533798*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.273] free (_Block=0x31d77e0) [0279.273] free (_Block=0x1d1338) [0279.273] CloseHandle (hObject=0x2b4) returned 1 [0279.273] CloseHandle (hObject=0x404) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.273] SetLastError (dwErrCode=0x0) [0279.273] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x87 [0279.273] GetLastError () returned 0x0 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.273] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.274] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.274] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore")) returned 0x2016 [0279.274] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\container.dat")) returned 1 [0279.275] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0xe6)) [0279.275] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.275] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.275] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.275] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.275] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.275] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.276] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.276] CloseHandle (hObject=0x404) returned 1 [0279.276] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xv\"beaFdBVB]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0279.276] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xv\"beaFdBVB]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0279.276] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xv\"beaFdBVB]", cchWideChar=75, lpMultiByteStr=0x252c708, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[xv\"beaFdBVB]", lpUsedDefaultChar=0x0) returned 75 [0279.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.284] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA=") returned 172 [0279.284] GetCurrentThreadId () returned 0x1130 [0279.284] GetCurrentThreadId () returned 0x1130 [0279.284] GetCurrentThreadId () returned 0x1130 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.284] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.284] SetLastError (dwErrCode=0x0) [0279.284] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320") returned 0xc5 [0279.285] GetLastError () returned 0x0 [0279.285] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.285] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.285] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.285] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.285] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore")) returned 0x2016 [0279.285] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].wannacash ncov v310320")) returned 0x2020 [0279.285] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\Файл зашифрован. Пиши. Почта clubnika@elude.in [961].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.285] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.285] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.286] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.286] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.286] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3") returned 197 [0279.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.286] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3") returned 197 [0279.286] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.286] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ReSuqXVjN9NCoDGNLDLMmNeE2bnuBGhytSnx1PoTetN7/+2yfK9sFde1qud7U+bxMSN2wnPbJJQGUaJfWKZfxQ5DedPIDOd+jxA/95nnyi66o54tkgJ3PiWL54ebOlKGJm9NIwILtcTQc8NwGFYH2KLGEz853o7Wbw7N4y2kABA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.286] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.287] CloseHandle (hObject=0x404) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.287] SetLastError (dwErrCode=0x0) [0279.287] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x87 [0279.287] GetLastError () returned 0x0 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=8) returned 1 [0279.287] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat", cchCount2=4) returned 1 [0279.287] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore")) returned 0x2016 [0279.288] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\container.dat")) returned 0 [0279.288] GetLastError () returned 0x2 [0279.288] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\container.dat")) returned 0xffffffff [0279.288] SetLastError (dwErrCode=0x2) [0279.288] GetLastError () returned 0x2 [0279.288] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.288] LocalFree (hMem=0x92fe20) returned 0x0 [0279.288] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.288] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.288] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\www.bing[1].xml")) returned 0x2020 [0279.289] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37419499415) returned 1 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0279.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0279.289] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD", cchWideChar=31, lpMultiByteStr=0x250f7e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD", lpUsedDefaultChar=0x0) returned 31 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] GetCurrentThreadId () returned 0x1130 [0279.289] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\www.bing[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.289] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.291] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] malloc (_Size=0x64) returned 0x1d1338 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] GetCurrentThreadId () returned 0x1130 [0279.292] free (_Block=0x1d1338) [0279.292] malloc (_Size=0x60) returned 0x1d1338 [0279.292] free (_Block=0x1d1338) [0279.292] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.292] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x147 [0279.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x147 [0279.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.293] ReadFile (in: hFile=0x404, lpBuffer=0x248c568, nNumberOfBytesToRead=0x147, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x248c568*, lpNumberOfBytesRead=0x19fbc8*=0x147, lpOverlapped=0x0) returned 1 [0279.294] malloc (_Size=0x8c) returned 0x1d1338 [0279.295] malloc (_Size=0xfc) returned 0x31d71b0 [0279.295] malloc (_Size=0x40) returned 0x1d14e8 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.295] malloc (_Size=0x40) returned 0x1d7470 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.295] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] malloc (_Size=0xc) returned 0x31e1df0 [0279.296] malloc (_Size=0x260) returned 0x31d2860 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.296] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] free (_Block=0x1d9aa8) [0279.297] free (_Block=0x1d14e8) [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.297] GetCurrentThreadId () returned 0x1130 [0279.298] free (_Block=0x31d2860) [0279.298] free (_Block=0x31e1df0) [0279.298] free (_Block=0x1d7470) [0279.298] WriteFile (in: hFile=0x2b4, lpBuffer=0x39b67c8*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesWritten=0x19fbbc*=0x1e0, lpOverlapped=0x0) returned 1 [0279.299] free (_Block=0x31d71b0) [0279.299] free (_Block=0x1d1338) [0279.299] CloseHandle (hObject=0x2b4) returned 1 [0279.299] CloseHandle (hObject=0x404) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.299] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.300] SetLastError (dwErrCode=0x0) [0279.300] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", lpFilePart=0x19f9f8*="www.bing[1].xml") returned 0x92 [0279.300] GetLastError () returned 0x0 [0279.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.300] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.300] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju")) returned 0x2016 [0279.300] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\www.bing[1].xml")) returned 1 [0279.302] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x106)) [0279.302] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.302] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.302] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.302] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.302] CloseHandle (hObject=0x404) returned 1 [0279.302] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[www.bing[1].xml]omgp:[/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0279.303] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[www.bing[1].xml]omgp:[/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0279.303] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[www.bing[1].xml]omgp:[/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD]", cchWideChar=60, lpMultiByteStr=0x2516b60, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[www.bing[1].xml]omgp:[/PHXe?i&}5il=&Hq4Az33E.j\\y2)ybD]", lpUsedDefaultChar=0x0) returned 60 [0279.314] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.314] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g=") returned 172 [0279.314] GetCurrentThreadId () returned 0x1130 [0279.314] GetCurrentThreadId () returned 0x1130 [0279.314] GetCurrentThreadId () returned 0x1130 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.314] SetLastError (dwErrCode=0x0) [0279.314] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320") returned 0xce [0279.314] GetLastError () returned 0x0 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.315] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju")) returned 0x2016 [0279.315] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].wannacash ncov v310320")) returned 0x2020 [0279.315] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\Файл зашифрован. Пиши. Почта clubnika@elude.in [962].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1e0 [0279.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.316] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3") returned 197 [0279.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3") returned 197 [0279.316] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1e0 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:M/LNeftRXamImcjdvxrmGkISNuzoKejTxglYnQvCviVYLj7eYu0DC+Yea0wT9yNdxtZlvsQvBcgDdsF0gKlBUGJ00oIe+PCmXYQoCO9DiJ0GOIVMwsO7dM/jeyo9IFhhdqP1xo7tvQdEoMbDaTcdTTntV6EL/JmX5YrKKTxac1g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.316] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.317] CloseHandle (hObject=0x404) returned 1 [0279.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.318] SetLastError (dwErrCode=0x0) [0279.318] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", lpFilePart=0x19fa34*="www.bing[1].xml") returned 0x92 [0279.318] GetLastError () returned 0x0 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=8) returned 1 [0279.318] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml", cchCount2=4) returned 1 [0279.318] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju")) returned 0x2016 [0279.318] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\www.bing[1].xml")) returned 0 [0279.318] GetLastError () returned 0x2 [0279.318] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\DOMStore\\NSV9PRJU\\www.bing[1].xml" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\domstore\\nsv9prju\\www.bing[1].xml")) returned 0xffffffff [0279.318] SetLastError (dwErrCode=0x2) [0279.318] GetLastError () returned 0x2 [0279.318] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.318] LocalFree (hMem=0x92fe20) returned 0x0 [0279.318] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.319] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.319] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\container.dat")) returned 0x2026 [0279.321] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37422708871) returned 1 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0279.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL", cchWideChar=34, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0279.321] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL", cchWideChar=34, lpMultiByteStr=0x250f7b8, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL", lpUsedDefaultChar=0x0) returned 34 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] GetCurrentThreadId () returned 0x1130 [0279.321] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.322] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.323] GetCurrentThreadId () returned 0x1130 [0279.323] GetCurrentThreadId () returned 0x1130 [0279.323] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] malloc (_Size=0x64) returned 0x1d1338 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] GetCurrentThreadId () returned 0x1130 [0279.324] free (_Block=0x1d1338) [0279.324] malloc (_Size=0x60) returned 0x1d1338 [0279.324] free (_Block=0x1d1338) [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.325] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.325] malloc (_Size=0x8c) returned 0x1d1338 [0279.325] malloc (_Size=0xfc) returned 0x31d71b0 [0279.325] malloc (_Size=0x40) returned 0x1d14e8 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.325] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.326] malloc (_Size=0x40) returned 0x1d7470 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] malloc (_Size=0xc) returned 0x31e1ca0 [0279.326] malloc (_Size=0x40) returned 0x1d74b8 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.326] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] free (_Block=0x1d9aa8) [0279.327] free (_Block=0x1d14e8) [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.327] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] GetCurrentThreadId () returned 0x1130 [0279.328] free (_Block=0x1d74b8) [0279.328] free (_Block=0x31e1ca0) [0279.328] free (_Block=0x1d7470) [0279.328] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.329] free (_Block=0x31d71b0) [0279.329] free (_Block=0x1d1338) [0279.329] CloseHandle (hObject=0x2b4) returned 1 [0279.330] CloseHandle (hObject=0x404) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.330] SetLastError (dwErrCode=0x0) [0279.330] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x8b [0279.330] GetLastError () returned 0x0 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.330] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.330] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist")) returned 0x2016 [0279.331] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\container.dat")) returned 1 [0279.331] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x125)) [0279.331] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.332] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.332] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.332] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.332] CloseHandle (hObject=0x404) returned 1 [0279.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0279.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0279.332] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL]", cchWideChar=61, lpMultiByteStr=0x2541be8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[nUVMzIi/Zk_X\\UD8KSP~q=~3q=mql,&mbL]", lpUsedDefaultChar=0x0) returned 61 [0279.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.340] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM=") returned 172 [0279.340] GetCurrentThreadId () returned 0x1130 [0279.341] GetCurrentThreadId () returned 0x1130 [0279.341] GetCurrentThreadId () returned 0x1130 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.341] SetLastError (dwErrCode=0x0) [0279.341] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320") returned 0xc9 [0279.341] GetLastError () returned 0x0 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.341] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.341] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist")) returned 0x2016 [0279.342] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].wannacash ncov v310320")) returned 0x2020 [0279.342] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [963].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.342] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.342] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.342] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.343] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3") returned 197 [0279.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.343] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3") returned 197 [0279.343] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.343] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tfps1/qAkt1uY4M7gTG0Dg4zR+Z/2UMDRB2IdTTm5/92SGHgPia9upnPYoWTyBeL4KMo/dnmjj0JbkRwHPSehmBeEz540fX9zpEIDNRDnGNZ8wHpg0VNhqKA74x4/Eb+VBU4mU58rF7bUOk++AH6dY+yGKQybetsHwwOVQiemoM= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.343] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.343] CloseHandle (hObject=0x404) returned 1 [0279.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.343] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.344] SetLastError (dwErrCode=0x0) [0279.344] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x8b [0279.344] GetLastError () returned 0x0 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=8) returned 1 [0279.344] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat", cchCount2=4) returned 1 [0279.344] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist")) returned 0x2016 [0279.344] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\container.dat")) returned 0 [0279.344] GetLastError () returned 0x2 [0279.344] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieSiteList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emiesitelist\\container.dat")) returned 0xffffffff [0279.344] SetLastError (dwErrCode=0x2) [0279.344] GetLastError () returned 0x2 [0279.344] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.344] LocalFree (hMem=0x92fe20) returned 0x0 [0279.345] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.345] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.345] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\container.dat")) returned 0x2026 [0279.345] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37425145062) returned 1 [0279.345] GetCurrentThreadId () returned 0x1130 [0279.345] GetCurrentThreadId () returned 0x1130 [0279.345] GetCurrentThreadId () returned 0x1130 [0279.345] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0279.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0279.346] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I", cchWideChar=35, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@tuKOVJ.q.~+lw?ckxIX(9â\x84\x96Zf6ugy7QN:(I", lpUsedDefaultChar=0x0) returned 37 [0279.346] GetCurrentThreadId () returned 0x1130 [0279.346] GetCurrentThreadId () returned 0x1130 [0279.346] GetCurrentThreadId () returned 0x1130 [0279.346] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.346] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] malloc (_Size=0x64) returned 0x1d1338 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.351] GetCurrentThreadId () returned 0x1130 [0279.352] GetCurrentThreadId () returned 0x1130 [0279.352] GetCurrentThreadId () returned 0x1130 [0279.352] GetCurrentThreadId () returned 0x1130 [0279.352] free (_Block=0x1d1338) [0279.352] malloc (_Size=0x60) returned 0x1d1338 [0279.352] free (_Block=0x1d1338) [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.352] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.352] malloc (_Size=0x8c) returned 0x1d1338 [0279.353] malloc (_Size=0xfc) returned 0x31d79f0 [0279.353] malloc (_Size=0x40) returned 0x1d14e8 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.353] malloc (_Size=0x40) returned 0x1d7470 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.353] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] malloc (_Size=0xc) returned 0x31e1df0 [0279.354] malloc (_Size=0x40) returned 0x1d74b8 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.354] GetCurrentThreadId () returned 0x1130 [0279.355] free (_Block=0x1d9aa8) [0279.355] free (_Block=0x1d14e8) [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] GetCurrentThreadId () returned 0x1130 [0279.355] free (_Block=0x1d74b8) [0279.355] free (_Block=0x31e1df0) [0279.355] free (_Block=0x1d7470) [0279.355] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.357] free (_Block=0x31d79f0) [0279.357] free (_Block=0x1d1338) [0279.357] CloseHandle (hObject=0x2b4) returned 1 [0279.357] CloseHandle (hObject=0x404) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.357] SetLastError (dwErrCode=0x0) [0279.357] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x8b [0279.357] GetLastError () returned 0x0 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.357] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.358] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.358] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist")) returned 0x2016 [0279.358] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\container.dat")) returned 1 [0279.359] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x144)) [0279.359] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.359] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.359] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.359] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.359] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.359] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.359] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.359] CloseHandle (hObject=0x404) returned 1 [0279.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0279.359] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0279.360] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[@tuKOVJ.q.~+lw?ckxIX(9№Zf6ugy7QN:(I]", cchWideChar=62, lpMultiByteStr=0x2541be8, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[@tuKOVJ.q.~+lw?ckxIX(9?Zf6ugy7QN:(I]7", lpUsedDefaultChar=0x0) returned 62 [0279.367] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.367] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k=") returned 172 [0279.368] GetCurrentThreadId () returned 0x1130 [0279.368] GetCurrentThreadId () returned 0x1130 [0279.368] GetCurrentThreadId () returned 0x1130 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.368] SetLastError (dwErrCode=0x0) [0279.368] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320") returned 0xc9 [0279.368] GetLastError () returned 0x0 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.368] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.368] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist")) returned 0x2016 [0279.368] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].wannacash ncov v310320")) returned 0x2020 [0279.369] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\Файл зашифрован. Пиши. Почта clubnika@elude.in [964].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.445] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3") returned 197 [0279.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3") returned 197 [0279.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:v+jF9DaJnvSGN6hBMV3qPAfB+8pGzapbgLQChStgC1NOjw6w/f+KnDWGW8oBZXR+GVdwg9mFMg6eZi7IrN86ltAhG1YzyIqsl9rDU/3Jkjj4OQWgt0ukpwtI7BmYv/9/wjRuOyf80zRIjIPZKvDBQU6wkV4s7k45guhTp1AAg2k= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.445] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.446] CloseHandle (hObject=0x404) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.446] SetLastError (dwErrCode=0x0) [0279.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x8b [0279.446] GetLastError () returned 0x0 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=8) returned 1 [0279.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat", cchCount2=4) returned 1 [0279.446] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist")) returned 0x2016 [0279.446] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\container.dat")) returned 0 [0279.447] GetLastError () returned 0x2 [0279.447] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\User\\Default\\EmieUserList\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\user\\default\\emieuserlist\\container.dat")) returned 0xffffffff [0279.447] SetLastError (dwErrCode=0x2) [0279.447] GetLastError () returned 0x2 [0279.447] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.447] LocalFree (hMem=0x92fe20) returned 0x0 [0279.447] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.447] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.448] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\container.dat")) returned 0x2026 [0279.449] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37435525654) returned 1 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i^zw\\9q$23^=v8c4yOZGF(EUc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0279.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i^zw\\9q$23^=v8c4yOZGF(EUc", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0279.449] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i^zw\\9q$23^=v8c4yOZGF(EUc", cchWideChar=25, lpMultiByteStr=0x2508f38, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i^zw\\9q$23^=v8c4yOZGF(EUc", lpUsedDefaultChar=0x0) returned 25 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.449] GetCurrentThreadId () returned 0x1130 [0279.450] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.450] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] malloc (_Size=0x64) returned 0x1d1338 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.451] GetCurrentThreadId () returned 0x1130 [0279.452] GetCurrentThreadId () returned 0x1130 [0279.452] GetCurrentThreadId () returned 0x1130 [0279.452] free (_Block=0x1d1338) [0279.452] malloc (_Size=0x60) returned 0x1d1338 [0279.452] free (_Block=0x1d1338) [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.452] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.452] malloc (_Size=0x8c) returned 0x1d1338 [0279.452] malloc (_Size=0xfc) returned 0x31d73c0 [0279.453] malloc (_Size=0x40) returned 0x1d14e8 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.453] malloc (_Size=0x40) returned 0x1d7470 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.453] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] malloc (_Size=0xc) returned 0x31e1eb0 [0279.454] malloc (_Size=0x40) returned 0x1d74b8 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] GetCurrentThreadId () returned 0x1130 [0279.454] free (_Block=0x1d9aa8) [0279.454] free (_Block=0x1d14e8) [0279.454] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] GetCurrentThreadId () returned 0x1130 [0279.455] free (_Block=0x1d74b8) [0279.455] free (_Block=0x31e1eb0) [0279.455] free (_Block=0x1d7470) [0279.455] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.456] free (_Block=0x31d73c0) [0279.456] free (_Block=0x1d1338) [0279.456] CloseHandle (hObject=0x2b4) returned 1 [0279.456] CloseHandle (hObject=0x404) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.456] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.456] SetLastError (dwErrCode=0x0) [0279.456] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x79 [0279.456] GetLastError () returned 0x0 [0279.457] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.457] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.457] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.457] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.457] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history")) returned 0x2016 [0279.457] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\container.dat")) returned 1 [0279.458] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x1a2)) [0279.458] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.458] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.458] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.458] CloseHandle (hObject=0x404) returned 1 [0279.459] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[i^zw\\9q$23^=v8c4yOZGF(EUc]", cchWideChar=52, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0279.459] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[i^zw\\9q$23^=v8c4yOZGF(EUc]", cchWideChar=52, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0279.459] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[i^zw\\9q$23^=v8c4yOZGF(EUc]", cchWideChar=52, lpMultiByteStr=0x25337d8, cbMultiByte=52, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[i^zw\\9q$23^=v8c4yOZGF(EUc]", lpUsedDefaultChar=0x0) returned 52 [0279.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.512] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg=") returned 172 [0279.512] GetCurrentThreadId () returned 0x1130 [0279.512] GetCurrentThreadId () returned 0x1130 [0279.512] GetCurrentThreadId () returned 0x1130 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.512] SetLastError (dwErrCode=0x0) [0279.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320") returned 0xb7 [0279.512] GetLastError () returned 0x0 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.512] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.512] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history")) returned 0x2016 [0279.513] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].wannacash ncov v310320")) returned 0x2020 [0279.513] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\Файл зашифрован. Пиши. Почта clubnika@elude.in [965].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.513] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.513] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.513] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.514] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.514] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.514] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3") returned 197 [0279.514] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.514] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3") returned 197 [0279.514] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.514] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:76Ndl/E1lYgay1DuSnhXtByDgO88rT4t8YAstOWZRDfcIwTUqqDLS4AnRH0/kHTf3I6KUHZgTzSGi+HB5jrW7N0i8Ap7Tnrfw40Dc0Z3V6//Yk8QPHAYvbD2iaVBpFd6P5fE32he6J/2CWp4xMD6XeOg40u7QxRgRUCcCy/0ZYg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.514] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.514] CloseHandle (hObject=0x404) returned 1 [0279.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.514] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.515] SetLastError (dwErrCode=0x0) [0279.515] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x79 [0279.515] GetLastError () returned 0x0 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=8) returned 1 [0279.515] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat", cchCount2=4) returned 1 [0279.515] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history")) returned 0x2016 [0279.515] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\container.dat")) returned 0 [0279.515] GetLastError () returned 0x2 [0279.515] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!121\\MicrosoftEdge\\History\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!121\\microsoftedge\\history\\container.dat")) returned 0xffffffff [0279.515] SetLastError (dwErrCode=0x2) [0279.515] GetLastError () returned 0x2 [0279.515] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.515] LocalFree (hMem=0x92fe20) returned 0x0 [0279.516] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.516] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.516] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\bingpagedatacache\\container.dat")) returned 0x2026 [0279.516] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37442259662) returned 1 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0279.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0279.517] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ", cchWideChar=29, lpMultiByteStr=0x250f7e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="xA)Hj>i9n6jâ\x84\x96^SZNRrzVVx\\â\x84\x96n<â\x84\x96TJ", lpUsedDefaultChar=0x0) returned 35 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] GetCurrentThreadId () returned 0x1130 [0279.517] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\bingpagedatacache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.517] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [966].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\bingpagedatacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [966].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] GetCurrentThreadId () returned 0x1130 [0279.520] malloc (_Size=0x64) returned 0x1d1338 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] GetCurrentThreadId () returned 0x1130 [0279.521] free (_Block=0x1d1338) [0279.521] malloc (_Size=0x60) returned 0x1d1338 [0279.521] free (_Block=0x1d1338) [0279.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.522] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.522] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.522] malloc (_Size=0x8c) returned 0x1d1338 [0279.522] malloc (_Size=0xfc) returned 0x31d77e0 [0279.522] malloc (_Size=0x40) returned 0x1d14e8 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.522] malloc (_Size=0x40) returned 0x1d7470 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.522] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] malloc (_Size=0xc) returned 0x31e1ca0 [0279.523] malloc (_Size=0x40) returned 0x1d74b8 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.523] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] free (_Block=0x1d9aa8) [0279.524] free (_Block=0x1d14e8) [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.524] GetCurrentThreadId () returned 0x1130 [0279.525] free (_Block=0x1d74b8) [0279.525] free (_Block=0x31e1ca0) [0279.525] free (_Block=0x1d7470) [0279.525] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.526] free (_Block=0x31d77e0) [0279.526] free (_Block=0x1d1338) [0279.526] CloseHandle (hObject=0x2b4) returned 1 [0279.526] CloseHandle (hObject=0x404) returned 1 [0279.526] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=8) returned 1 [0279.526] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=4) returned 1 [0279.526] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=8) returned 1 [0279.526] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=4) returned 1 [0279.526] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=8) returned 1 [0279.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=4) returned 1 [0279.527] SetLastError (dwErrCode=0x0) [0279.527] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x7d [0279.527] GetLastError () returned 0x0 [0279.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=8) returned 1 [0279.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=4) returned 1 [0279.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=8) returned 1 [0279.527] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat", cchCount2=4) returned 1 [0279.527] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\bingpagedatacache")) returned 0x2016 [0279.527] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\BingPageDataCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\bingpagedatacache\\container.dat")) returned 1 [0279.528] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x1f0)) [0279.528] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.528] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.528] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.528] CloseHandle (hObject=0x404) returned 1 [0279.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0279.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0279.529] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[xA)Hj>i9n6j№^SZNRrzVVx\\№n<№TJ]", cchWideChar=56, lpMultiByteStr=0x2516968, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[xA)Hj>i9n6j?^SZNRrzVVx\\?n3qV7`^O\"{Z", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0279.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0279.658] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{ZqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0279.658] GetCurrentThreadId () returned 0x1130 [0279.658] GetCurrentThreadId () returned 0x1130 [0279.658] GetCurrentThreadId () returned 0x1130 [0279.658] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.658] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.659] GetCurrentThreadId () returned 0x1130 [0279.659] GetCurrentThreadId () returned 0x1130 [0279.659] GetCurrentThreadId () returned 0x1130 [0279.659] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] malloc (_Size=0x64) returned 0x1d1338 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] GetCurrentThreadId () returned 0x1130 [0279.660] free (_Block=0x1d1338) [0279.660] malloc (_Size=0x60) returned 0x1d1338 [0279.660] free (_Block=0x1d1338) [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.661] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.661] malloc (_Size=0x8c) returned 0x1d1338 [0279.661] malloc (_Size=0xfc) returned 0x31d70a8 [0279.661] malloc (_Size=0x40) returned 0x1d14e8 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.661] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] malloc (_Size=0xa5c) returned 0x1d9aa8 [0279.662] malloc (_Size=0x40) returned 0x1d7470 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] malloc (_Size=0xc) returned 0x31e1ca0 [0279.662] malloc (_Size=0x40) returned 0x1d74b8 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.662] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] free (_Block=0x1d9aa8) [0279.663] free (_Block=0x1d14e8) [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.663] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] GetCurrentThreadId () returned 0x1130 [0279.664] free (_Block=0x1d74b8) [0279.664] free (_Block=0x31e1ca0) [0279.664] free (_Block=0x1d7470) [0279.664] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.665] free (_Block=0x31d70a8) [0279.665] free (_Block=0x1d1338) [0279.665] CloseHandle (hObject=0x2b4) returned 1 [0279.665] CloseHandle (hObject=0x404) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.678] SetLastError (dwErrCode=0x0) [0279.678] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x73 [0279.678] GetLastError () returned 0x0 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.678] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies")) returned 0x2016 [0279.679] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\container.dat")) returned 1 [0279.680] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x27c)) [0279.680] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.680] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.680] CloseHandle (hObject=0x404) returned 1 [0279.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0279.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0279.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z]", cchWideChar=71, lpMultiByteStr=0x252c708, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[ySP6mHGDwaezWI!\\e2!+.kXi,ncO\"K=l4>3qV7`^O\"{Z]", lpUsedDefaultChar=0x0) returned 71 [0279.691] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.691] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8=") returned 172 [0279.691] GetCurrentThreadId () returned 0x1130 [0279.691] GetCurrentThreadId () returned 0x1130 [0279.691] GetCurrentThreadId () returned 0x1130 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.691] SetLastError (dwErrCode=0x0) [0279.691] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320") returned 0xb1 [0279.691] GetLastError () returned 0x0 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.691] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.691] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies")) returned 0x2016 [0279.692] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].wannacash ncov v310320")) returned 0x2020 [0279.692] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [968].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.692] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3") returned 197 [0279.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3") returned 197 [0279.693] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.693] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hfhUNWbQqF/ELksujldEJ2nd1w1UGaL93K1S9XzWv2wkAP3JmU6bTiWom38/DEX3gP6A4etgCG3rIfNA53J/o+CpxuRki6B9IiN5VaVjcfolgFH2aw2ez1vJji8eEh8+Zow7oVcqwGNwgj6l5nwTSSkoxAbmEfxcPV1zUCgFVn8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.693] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.693] CloseHandle (hObject=0x404) returned 1 [0279.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.694] SetLastError (dwErrCode=0x0) [0279.694] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x73 [0279.694] GetLastError () returned 0x0 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=8) returned 1 [0279.694] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat", cchCount2=4) returned 1 [0279.694] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies")) returned 0x2016 [0279.694] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\container.dat")) returned 0 [0279.694] GetLastError () returned 0x2 [0279.694] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\container.dat")) returned 0xffffffff [0279.694] SetLastError (dwErrCode=0x2) [0279.694] GetLastError () returned 0x2 [0279.694] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.695] LocalFree (hMem=0x92fe20) returned 0x0 [0279.695] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.695] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.695] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\CortanaAssist\\AllowList.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cortanaassist\\allowlist.dat")) returned 0x2022 [0279.695] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37460161448) returned 1 [0279.696] GetCurrentThreadId () returned 0x1130 [0279.696] GetCurrentThreadId () returned 0x1130 [0279.696] GetCurrentThreadId () returned 0x1130 [0279.696] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="e9GMs)l+8c&~GT9eX1Ax:,|)(}i=.tK!176A", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0279.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0279.840] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A", cchWideChar=48, lpMultiByteStr=0x25337d8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A", lpUsedDefaultChar=0x0) returned 48 [0279.840] GetCurrentThreadId () returned 0x1130 [0279.840] GetCurrentThreadId () returned 0x1130 [0279.840] GetCurrentThreadId () returned 0x1130 [0279.840] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.840] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] GetCurrentThreadId () returned 0x1130 [0279.843] malloc (_Size=0x64) returned 0x1d1338 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.844] free (_Block=0x1d1338) [0279.844] malloc (_Size=0x60) returned 0x1d1338 [0279.844] free (_Block=0x1d1338) [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.844] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.844] malloc (_Size=0x8c) returned 0x1d1338 [0279.844] malloc (_Size=0xfc) returned 0x31d7e10 [0279.844] malloc (_Size=0x40) returned 0x1d14e8 [0279.844] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] malloc (_Size=0xa5c) returned 0x31e40b0 [0279.845] malloc (_Size=0x40) returned 0x1d7470 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] malloc (_Size=0xc) returned 0x31e1dc0 [0279.845] malloc (_Size=0x40) returned 0x1d74b8 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.845] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] free (_Block=0x31e40b0) [0279.846] free (_Block=0x1d14e8) [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.846] GetCurrentThreadId () returned 0x1130 [0279.847] GetCurrentThreadId () returned 0x1130 [0279.847] free (_Block=0x1d74b8) [0279.847] free (_Block=0x31e1dc0) [0279.847] free (_Block=0x1d7470) [0279.847] WriteFile (in: hFile=0x2b4, lpBuffer=0x2533798*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2533798*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.848] free (_Block=0x31d7e10) [0279.848] free (_Block=0x1d1338) [0279.848] CloseHandle (hObject=0x2b4) returned 1 [0279.848] CloseHandle (hObject=0x404) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.848] SetLastError (dwErrCode=0x0) [0279.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x7b [0279.848] GetLastError () returned 0x0 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.848] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.848] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache")) returned 0x2016 [0279.849] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\container.dat")) returned 1 [0279.849] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x328)) [0279.849] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.849] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.849] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.850] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.850] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.850] CloseHandle (hObject=0x404) returned 1 [0279.850] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0279.850] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0279.850] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A]", cchWideChar=75, lpMultiByteStr=0x252c708, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[Bx,cA?+VI2Ux/~`L\"WGL>T9eX1Ax:,|)(}i=.tK!176A]]±ÇR\x02\x01", lpUsedDefaultChar=0x0) returned 75 [0279.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.857] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw=") returned 172 [0279.857] GetCurrentThreadId () returned 0x1130 [0279.857] GetCurrentThreadId () returned 0x1130 [0279.857] GetCurrentThreadId () returned 0x1130 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.857] SetLastError (dwErrCode=0x0) [0279.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320") returned 0xb9 [0279.857] GetLastError () returned 0x0 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.857] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.857] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache")) returned 0x2016 [0279.858] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].wannacash ncov v310320")) returned 0x2020 [0279.858] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [972].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.858] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.858] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.858] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.858] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.858] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.858] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.858] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.859] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.859] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.859] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3") returned 197 [0279.859] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.859] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3") returned 197 [0279.859] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.859] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.859] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.859] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wecG5b3nDFqgETgcU2AQ3Vl0DvXNWLg2yDFf5GulWlwlriLlBCxxs0ahtcJKVkcx0tD2PzhA2psyHak3fh0jVLSwvmpC+j9DXAtpr8LPZcyi9+0uwy3rEIZUOXV1hE7SQADzn9+SRVFMBPBIvpbq6Edu3T5H+fNvIWmSc/TVYTw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.859] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.859] CloseHandle (hObject=0x404) returned 1 [0279.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.860] SetLastError (dwErrCode=0x0) [0279.860] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x7b [0279.860] GetLastError () returned 0x0 [0279.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=8) returned 1 [0279.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat", cchCount2=4) returned 1 [0279.860] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache")) returned 0x2016 [0279.860] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\container.dat")) returned 0 [0279.860] GetLastError () returned 0x2 [0279.860] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IECompatUaCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\iecompatuacache\\container.dat")) returned 0xffffffff [0279.860] SetLastError (dwErrCode=0x2) [0279.860] GetLastError () returned 0x2 [0279.860] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.860] LocalFree (hMem=0x92fe20) returned 0x0 [0279.860] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.861] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.861] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0x2026 [0279.870] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37477613184) returned 1 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0279.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0279.870] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz", cchWideChar=42, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DkKCâ\x84\x96ki+NE/KS>;â\x84\x96;Bc/R%c=x?^7:xP7BPvO4~j7Zz", lpUsedDefaultChar=0x0) returned 46 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] GetCurrentThreadId () returned 0x1130 [0279.870] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.871] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.873] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] malloc (_Size=0x64) returned 0x1d1338 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] GetCurrentThreadId () returned 0x1130 [0279.874] free (_Block=0x1d1338) [0279.874] malloc (_Size=0x60) returned 0x1d1338 [0279.874] free (_Block=0x1d1338) [0279.874] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.874] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.874] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.875] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.875] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.875] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0279.875] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0279.875] malloc (_Size=0x8c) returned 0x1d1338 [0279.875] malloc (_Size=0xfc) returned 0x31d7af8 [0279.875] malloc (_Size=0x40) returned 0x1d14e8 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.875] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] malloc (_Size=0xa5c) returned 0x31e40b0 [0279.876] malloc (_Size=0x40) returned 0x1d7470 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] malloc (_Size=0xc) returned 0x31e1ef8 [0279.876] malloc (_Size=0x40) returned 0x1d74b8 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.876] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] free (_Block=0x31e40b0) [0279.877] free (_Block=0x1d14e8) [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.877] GetCurrentThreadId () returned 0x1130 [0279.878] GetCurrentThreadId () returned 0x1130 [0279.878] GetCurrentThreadId () returned 0x1130 [0279.878] GetCurrentThreadId () returned 0x1130 [0279.878] free (_Block=0x1d74b8) [0279.878] free (_Block=0x31e1ef8) [0279.878] free (_Block=0x1d7470) [0279.878] WriteFile (in: hFile=0x2b4, lpBuffer=0x2533798*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2533798*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0279.879] free (_Block=0x31d7af8) [0279.879] free (_Block=0x1d1338) [0279.879] CloseHandle (hObject=0x2b4) returned 1 [0279.879] CloseHandle (hObject=0x404) returned 1 [0279.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.879] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.880] SetLastError (dwErrCode=0x0) [0279.880] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x7c [0279.880] GetLastError () returned 0x0 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.880] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.880] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0279.880] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 1 [0279.881] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x37, wMilliseconds=0x347)) [0279.881] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0279.881] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.881] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0279.881] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.881] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0279.881] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0279.881] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0279.882] CloseHandle (hObject=0x404) returned 1 [0279.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0279.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0279.882] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[DkKC№ki+NE/KS>;№;Bc/R%c=x?^7:xP7BPvO4~j7Zz]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[DkKC?ki+NE/KS>;?;Bc/R%c=x?^7:xP7BPvO4~j7Zz]!176A]]±ÇR\x02\x01", lpUsedDefaultChar=0x0) returned 69 [0279.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0279.890] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw=") returned 172 [0279.890] GetCurrentThreadId () returned 0x1130 [0279.890] GetCurrentThreadId () returned 0x1130 [0279.890] GetCurrentThreadId () returned 0x1130 [0279.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.890] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.891] SetLastError (dwErrCode=0x0) [0279.891] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320") returned 0xba [0279.891] GetLastError () returned 0x0 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0279.891] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0279.891] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0279.891] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].wannacash ncov v310320")) returned 0x2020 [0279.891] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [973].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0279.892] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0279.892] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.892] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0279.892] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0279.892] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0279.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.892] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.892] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.892] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3") returned 197 [0279.892] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0279.892] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3") returned 197 [0279.892] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0279.892] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.893] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0279.893] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:PPVg3A0jLIc9OU/OkKFGweOYjzjcCdSRQfzI3BTMmmle/7vQVkr6KEWVpeLq8JEG21ipZdmY/y/HaDZxN83kRG4816WgO4hX7D+PnLKyyTmV6+rTwtywppGYVWgasrJvmiEplly1Jxb4YvRDOKawFvTtxGbSMFtW1Z/Yexntjlw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0279.893] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0279.893] CloseHandle (hObject=0x404) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.893] SetLastError (dwErrCode=0x0) [0279.893] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x7c [0279.893] GetLastError () returned 0x0 [0279.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=8) returned 1 [0279.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat", cchCount2=4) returned 1 [0279.894] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache")) returned 0x2016 [0279.894] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0 [0279.894] GetLastError () returned 0x2 [0279.894] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\IEFlipAheadCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\ieflipaheadcache\\container.dat")) returned 0xffffffff [0279.894] SetLastError (dwErrCode=0x2) [0279.894] GetLastError () returned 0x2 [0279.894] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0279.894] LocalFree (hMem=0x92fe20) returned 0x0 [0279.894] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0279.895] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0279.895] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DNTException\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\dntexception\\container.dat")) returned 0x2026 [0279.896] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37480213637) returned 1 [0279.896] GetCurrentThreadId () returned 0x1130 [0279.896] GetCurrentThreadId () returned 0x1130 [0279.896] GetCurrentThreadId () returned 0x1130 [0279.896] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="b>Y9uERgZ)|`8^w7,X№2fkf|\"Yr:xNpTe.{FhaiLPZ", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0281.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0281.545] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ", lpUsedDefaultChar=0x0) returned 32 [0281.545] GetCurrentThreadId () returned 0x1130 [0281.545] GetCurrentThreadId () returned 0x1130 [0281.545] GetCurrentThreadId () returned 0x1130 [0281.545] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.545] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] malloc (_Size=0x64) returned 0x1d1338 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.546] GetCurrentThreadId () returned 0x1130 [0281.547] GetCurrentThreadId () returned 0x1130 [0281.547] GetCurrentThreadId () returned 0x1130 [0281.547] GetCurrentThreadId () returned 0x1130 [0281.547] free (_Block=0x1d1338) [0281.547] malloc (_Size=0x60) returned 0x1d1338 [0281.547] free (_Block=0x1d1338) [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0281.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.547] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0281.558] malloc (_Size=0x8c) returned 0x1d1338 [0281.558] malloc (_Size=0xfc) returned 0x31d79f0 [0281.558] malloc (_Size=0x40) returned 0x1d14e8 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.558] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] malloc (_Size=0xa5c) returned 0x31e40b0 [0281.559] malloc (_Size=0x40) returned 0x1d7470 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] GetCurrentThreadId () returned 0x1130 [0281.559] malloc (_Size=0xc) returned 0x31e1d18 [0281.559] malloc (_Size=0x720) returned 0x31d2860 [0281.559] malloc (_Size=0xe3c) returned 0x1d9aa8 [0281.560] free (_Block=0x31d2860) [0281.560] malloc (_Size=0x15ac) returned 0x1da8f0 [0281.560] free (_Block=0x1d9aa8) [0281.560] malloc (_Size=0x23e4) returned 0x1dbea8 [0281.560] free (_Block=0x1da8f0) [0281.560] malloc (_Size=0x3274) returned 0x3a60048 [0281.561] free (_Block=0x1dbea8) [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] GetCurrentThreadId () returned 0x1130 [0281.561] free (_Block=0x31e40b0) [0281.561] free (_Block=0x1d14e8) [0281.561] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] GetCurrentThreadId () returned 0x1130 [0281.562] free (_Block=0x3a60048) [0281.562] free (_Block=0x31e1d18) [0281.562] free (_Block=0x1d7470) [0281.562] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0281.564] free (_Block=0x31d79f0) [0281.564] free (_Block=0x1d1338) [0281.564] CloseHandle (hObject=0x2b4) returned 1 [0281.564] CloseHandle (hObject=0x404) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.564] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.564] SetLastError (dwErrCode=0x0) [0281.564] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x6e [0281.565] GetLastError () returned 0x0 [0281.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.565] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.565] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings")) returned 0x10 [0281.565] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0281.567] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x39, wMilliseconds=0x20b)) [0281.567] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0281.567] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.567] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0281.567] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0281.567] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0281.567] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0281.567] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0281.567] CloseHandle (hObject=0x404) returned 1 [0281.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0281.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0281.567] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ]", cchWideChar=58, lpMultiByteStr=0x2516968, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[hseL)K1\"~Kj>f|\"Yr:xNpTe.{FhaiLPZ]", lpUsedDefaultChar=0x0) returned 58 [0281.623] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0281.623] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA=") returned 172 [0281.623] GetCurrentThreadId () returned 0x1130 [0281.623] GetCurrentThreadId () returned 0x1130 [0281.623] GetCurrentThreadId () returned 0x1130 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.624] SetLastError (dwErrCode=0x0) [0281.624] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320") returned 0xad [0281.624] GetLastError () returned 0x0 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.624] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings")) returned 0x10 [0281.624] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].wannacash ncov v310320")) returned 0x20 [0281.624] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [997].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0281.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0281.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0281.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0281.625] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.625] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.625] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.625] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0281.625] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3") returned 197 [0281.625] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0281.625] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3") returned 197 [0281.625] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:T3hsLLluB8dKUYODz8bgMuBPLUlbwrW17XfpvbBPLY+x79aYDnjhExjTVfISuj6YhWIlqpWVqwe/smWJccI/PDfmfETlARZo33X83gHS4KUQKuSRcmHik53aksMKv+SpWv2D0oH5HT5q5uFKyPsb1+NKFl0DpIPXdJTSV85sykA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.626] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0281.626] CloseHandle (hObject=0x404) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.626] SetLastError (dwErrCode=0x0) [0281.626] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x6e [0281.626] GetLastError () returned 0x0 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.626] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0281.627] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0281.627] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings")) returned 0x10 [0281.627] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0281.627] GetLastError () returned 0x2 [0281.627] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Services.Store.Engagement_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.services.store.engagement_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0281.627] SetLastError (dwErrCode=0x2) [0281.627] GetLastError () returned 0x2 [0281.627] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0281.627] LocalFree (hMem=0x92fe20) returned 0x0 [0281.627] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0281.627] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0281.628] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\logsettings.txt")) returned 0x20 [0281.630] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37653588026) returned 1 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"P,O.j+{%G_vhSE$unR&%U.9wp(>", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0281.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"P,O.j+{%G_vhSE$unR&%U.9wp(>", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0281.630] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="7\"P,O.j+{%G_vhSE$unR&%U.9wp(>", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="7\"P,O.j+{%G_vhSE$unR&%U.9wp(>", lpUsedDefaultChar=0x0) returned 38 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] GetCurrentThreadId () returned 0x1130 [0281.630] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\logsettings.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.630] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.717] malloc (_Size=0x64) returned 0x1d1338 [0281.717] GetCurrentThreadId () returned 0x1130 [0281.718] GetCurrentThreadId () returned 0x1130 [0281.718] GetCurrentThreadId () returned 0x1130 [0281.718] GetCurrentThreadId () returned 0x1130 [0281.718] GetCurrentThreadId () returned 0x1130 [0281.718] GetCurrentThreadId () returned 0x1130 [0281.718] free (_Block=0x1d1338) [0281.718] malloc (_Size=0x60) returned 0x1d1338 [0281.718] free (_Block=0x1d1338) [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6 [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6 [0281.718] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0281.718] ReadFile (in: hFile=0x404, lpBuffer=0x24f3b78, nNumberOfBytesToRead=0x6, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24f3b78*, lpNumberOfBytesRead=0x19fbc8*=0x6, lpOverlapped=0x0) returned 1 [0281.720] malloc (_Size=0x8c) returned 0x1d1338 [0281.720] malloc (_Size=0xfc) returned 0x31d7c00 [0281.720] malloc (_Size=0x40) returned 0x1d14e8 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] malloc (_Size=0xa5c) returned 0x31e40b0 [0281.720] malloc (_Size=0x40) returned 0x1d7470 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.720] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] malloc (_Size=0xc) returned 0x31e1ca0 [0281.721] malloc (_Size=0x40) returned 0x1d74b8 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] GetCurrentThreadId () returned 0x1130 [0281.721] free (_Block=0x31e40b0) [0281.721] free (_Block=0x1d14e8) [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] GetCurrentThreadId () returned 0x1130 [0281.722] free (_Block=0x1d74b8) [0281.722] free (_Block=0x31e1ca0) [0281.722] free (_Block=0x1d7470) [0281.722] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0281.723] free (_Block=0x31d7c00) [0281.724] free (_Block=0x1d1338) [0281.724] CloseHandle (hObject=0x2b4) returned 1 [0281.724] CloseHandle (hObject=0x404) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.724] SetLastError (dwErrCode=0x0) [0281.724] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", lpFilePart=0x19f9f8*="LogSettings.txt") returned 0x62 [0281.724] GetLastError () returned 0x0 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.724] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.730] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate")) returned 0x10 [0281.730] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\logsettings.txt")) returned 1 [0281.732] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x39, wMilliseconds=0x2b7)) [0281.732] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0281.732] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0281.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0281.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0281.732] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0281.732] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0281.732] CloseHandle (hObject=0x404) returned 1 [0281.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[LogSettings.txt]omgp:[7\"P,O.j+{%G_vhSE$unR&%U.9wp(>]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0281.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[LogSettings.txt]omgp:[7\"P,O.j+{%G_vhSE$unR&%U.9wp(>]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0281.732] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[LogSettings.txt]omgp:[7\"P,O.j+{%G_vhSE$unR&%U.9wp(>]", cchWideChar=67, lpMultiByteStr=0x2541d78, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[LogSettings.txt]omgp:[7\"P,O.j+{%G_vhSE$unR&%U.9wp(>]", lpUsedDefaultChar=0x0) returned 67 [0281.741] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0281.741] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc=") returned 172 [0281.741] GetCurrentThreadId () returned 0x1130 [0281.741] GetCurrentThreadId () returned 0x1130 [0281.741] GetCurrentThreadId () returned 0x1130 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.741] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.741] SetLastError (dwErrCode=0x0) [0281.742] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320") returned 0x9e [0281.742] GetLastError () returned 0x0 [0281.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0281.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0281.742] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate")) returned 0x10 [0281.743] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].wannacash ncov v310320")) returned 0x20 [0281.743] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\Файл зашифрован. Пиши. Почта clubnika@elude.in [998].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0281.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0281.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0281.743] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0281.743] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0281.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.743] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.744] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0281.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3") returned 197 [0281.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0281.744] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3") returned 197 [0281.744] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0281.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0281.744] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:tdytnlaBHJF2PFTCkjkoVoz2bsLkcEbTf4NSAGYuqtPfTOZWMfBEnTWpmFgCTly1IG/Yrz5/CWa1itqgYgzen/Ri7W9UvBC+vt4N7lbzH3Ob5lOi7Z2s9A8X+Dse3WclFy4Ydw0vUTTSsgQf0UI3HDvMrXnpISWxPtM7kRQOyAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0281.745] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0281.745] CloseHandle (hObject=0x404) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.745] SetLastError (dwErrCode=0x0) [0281.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", lpFilePart=0x19fa34*="LogSettings.txt") returned 0x62 [0281.745] GetLastError () returned 0x0 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=8) returned 1 [0281.745] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt", cchCount2=4) returned 1 [0281.745] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate")) returned 0x10 [0281.746] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\logsettings.txt")) returned 0 [0281.746] GetLastError () returned 0x2 [0281.746] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\LocalState\\LogSettings.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\localstate\\logsettings.txt")) returned 0xffffffff [0281.746] SetLastError (dwErrCode=0x2) [0281.746] GetLastError () returned 0x2 [0281.746] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0281.746] LocalFree (hMem=0x92fe20) returned 0x0 [0281.746] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0281.746] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0281.746] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\settings\\settings.dat")) returned 0x20 [0281.748] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37665382260) returned 1 [0281.748] GetCurrentThreadId () returned 0x1130 [0281.748] GetCurrentThreadId () returned 0x1130 [0281.748] GetCurrentThreadId () returned 0x1130 [0281.748] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Xh/+c?zf$y;s}p", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0281.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="W#!-7Tx№KL)EAPgPM\"Z\"tk!>p", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0281.970] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="W#!-7Tx№KL)EAPgPM\"Z\"tk!>p", cchWideChar=25, lpMultiByteStr=0x2508f10, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W#!-7Txâ\x84\x96KL)EAPgPM\"Z\"tk!>p", lpUsedDefaultChar=0x0) returned 27 [0281.970] GetCurrentThreadId () returned 0x1130 [0281.970] GetCurrentThreadId () returned 0x1130 [0281.970] GetCurrentThreadId () returned 0x1130 [0281.970] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0281.970] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] malloc (_Size=0x64) returned 0x1d1338 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.013] GetCurrentThreadId () returned 0x1130 [0282.014] GetCurrentThreadId () returned 0x1130 [0282.014] GetCurrentThreadId () returned 0x1130 [0282.014] GetCurrentThreadId () returned 0x1130 [0282.014] GetCurrentThreadId () returned 0x1130 [0282.014] free (_Block=0x1d1338) [0282.014] malloc (_Size=0x60) returned 0x1d1338 [0282.014] free (_Block=0x1d1338) [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0282.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.014] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0282.016] malloc (_Size=0x8c) returned 0x1d1338 [0282.016] malloc (_Size=0xfc) returned 0x31d71b0 [0282.017] malloc (_Size=0x40) returned 0x1d14e8 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.017] malloc (_Size=0x40) returned 0x1d7470 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.017] GetCurrentThreadId () returned 0x1130 [0282.018] malloc (_Size=0xc) returned 0x31e1ca0 [0282.018] malloc (_Size=0x720) returned 0x31d2860 [0282.018] malloc (_Size=0xe3c) returned 0x1d9aa8 [0282.018] free (_Block=0x31d2860) [0282.018] malloc (_Size=0x15ac) returned 0x1da8f0 [0282.018] free (_Block=0x1d9aa8) [0282.018] malloc (_Size=0x23e4) returned 0x1dbea8 [0282.018] free (_Block=0x1da8f0) [0282.019] malloc (_Size=0x3274) returned 0x3a60048 [0282.019] free (_Block=0x1dbea8) [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.019] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] free (_Block=0x31e40b0) [0282.020] free (_Block=0x1d14e8) [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] GetCurrentThreadId () returned 0x1130 [0282.020] free (_Block=0x3a60048) [0282.021] free (_Block=0x31e1ca0) [0282.021] free (_Block=0x1d7470) [0282.021] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0282.023] free (_Block=0x31d71b0) [0282.023] free (_Block=0x1d1338) [0282.023] CloseHandle (hObject=0x2b4) returned 1 [0282.024] CloseHandle (hObject=0x404) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.024] SetLastError (dwErrCode=0x0) [0282.024] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x72 [0282.024] GetLastError () returned 0x0 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.024] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.024] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings")) returned 0x10 [0282.024] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat")) returned 1 [0282.026] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x39, wMilliseconds=0x3e1)) [0282.026] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.026] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.027] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.028] CloseHandle (hObject=0x404) returned 1 [0282.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[W#!-7Tx№KL)EAPgPM\"Z\"tk!>p]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0282.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[W#!-7Tx№KL)EAPgPM\"Z\"tk!>p]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0282.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[W#!-7Tx№KL)EAPgPM\"Z\"tk!>p]", cchWideChar=51, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[W#!-7Tx?KL)EAPgPM\"Z\"tk!>p]", lpUsedDefaultChar=0x0) returned 51 [0282.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.037] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY=") returned 172 [0282.037] GetCurrentThreadId () returned 0x1130 [0282.037] GetCurrentThreadId () returned 0x1130 [0282.037] GetCurrentThreadId () returned 0x1130 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.037] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.037] SetLastError (dwErrCode=0x0) [0282.038] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320") returned 0xb2 [0282.038] GetLastError () returned 0x0 [0282.038] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.038] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.038] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.038] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.038] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings")) returned 0x10 [0282.038] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].wannacash ncov v310320")) returned 0x20 [0282.038] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1004].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0282.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.039] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.039] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.039] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3") returned 197 [0282.039] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.039] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3") returned 197 [0282.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.039] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ab15X/uFmbxtAkT2Wm0cgVzYnsm0MKrpORxgY5wU+ALYsDKADvQApKdTm5N01ljV+y1F6i2RgFyJIj9Sap5nWuOwGHDiXioMEakH3kPGRmlj3N7dJ9KK7ETyBV6ZBORSvDxTt4pe/376Y4Iuuq4rQhEyKpeL+wT6GpDjZD3DeRY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.039] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.040] CloseHandle (hObject=0x404) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.040] SetLastError (dwErrCode=0x0) [0282.040] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x72 [0282.040] GetLastError () returned 0x0 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.040] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings")) returned 0x10 [0282.040] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat")) returned 0 [0282.040] GetLastError () returned 0x2 [0282.041] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat")) returned 0xffffffff [0282.041] SetLastError (dwErrCode=0x2) [0282.041] GetLastError () returned 0x2 [0282.041] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.041] LocalFree (hMem=0x92fe20) returned 0x0 [0282.041] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.041] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.041] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0282.042] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37694864506) returned 1 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0282.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0282.043] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/", cchWideChar=36, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="d=d,_fw7cKG@)x)Câ\x84\x96>Ov)$|.aa&>M%uf^hR/", lpUsedDefaultChar=0x0) returned 38 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] GetCurrentThreadId () returned 0x1130 [0282.043] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.043] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] GetCurrentThreadId () returned 0x1130 [0282.044] malloc (_Size=0x64) returned 0x1d1338 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] GetCurrentThreadId () returned 0x1130 [0282.045] free (_Block=0x1d1338) [0282.045] malloc (_Size=0x60) returned 0x1d1338 [0282.045] free (_Block=0x1d1338) [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0282.045] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.045] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0282.049] malloc (_Size=0x8c) returned 0x1d1338 [0282.049] malloc (_Size=0xfc) returned 0x31d78e8 [0282.049] malloc (_Size=0x40) returned 0x1d14e8 [0282.049] GetCurrentThreadId () returned 0x1130 [0282.049] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.050] malloc (_Size=0x40) returned 0x1d7470 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] GetCurrentThreadId () returned 0x1130 [0282.050] malloc (_Size=0xc) returned 0x31e1ca0 [0282.050] malloc (_Size=0x720) returned 0x31d2860 [0282.051] malloc (_Size=0xe3c) returned 0x1d9aa8 [0282.051] free (_Block=0x31d2860) [0282.051] malloc (_Size=0x15ac) returned 0x1da8f0 [0282.051] free (_Block=0x1d9aa8) [0282.051] malloc (_Size=0x23e4) returned 0x1dbea8 [0282.051] free (_Block=0x1da8f0) [0282.051] malloc (_Size=0x3274) returned 0x3a60048 [0282.052] free (_Block=0x1dbea8) [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] GetCurrentThreadId () returned 0x1130 [0282.052] free (_Block=0x31e40b0) [0282.052] free (_Block=0x1d14e8) [0282.052] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.053] GetCurrentThreadId () returned 0x1130 [0282.054] free (_Block=0x3a60048) [0282.054] free (_Block=0x31e1ca0) [0282.054] free (_Block=0x1d7470) [0282.054] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0282.055] free (_Block=0x31d78e8) [0282.055] free (_Block=0x1d1338) [0282.055] CloseHandle (hObject=0x2b4) returned 1 [0282.055] CloseHandle (hObject=0x404) returned 1 [0282.055] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.055] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.055] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.056] SetLastError (dwErrCode=0x0) [0282.056] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x70 [0282.056] GetLastError () returned 0x0 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.056] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.056] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings")) returned 0x10 [0282.056] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat")) returned 1 [0282.058] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x17)) [0282.058] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.058] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.058] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.059] CloseHandle (hObject=0x404) returned 1 [0282.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0282.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0282.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[d=d,_fw7cKG@)x)C№>Ov)$|.aa&>M%uf^hR/]", cchWideChar=62, lpMultiByteStr=0x2541d78, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[d=d,_fw7cKG@)x)C?>Ov)$|.aa&>M%uf^hR/]e]9", lpUsedDefaultChar=0x0) returned 62 [0282.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.069] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ=") returned 172 [0282.070] GetCurrentThreadId () returned 0x1130 [0282.070] GetCurrentThreadId () returned 0x1130 [0282.070] GetCurrentThreadId () returned 0x1130 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.070] SetLastError (dwErrCode=0x0) [0282.070] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320") returned 0xb0 [0282.070] GetLastError () returned 0x0 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.070] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.070] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings")) returned 0x10 [0282.070] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].wannacash ncov v310320")) returned 0x20 [0282.071] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1005].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0282.071] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.071] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.071] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.071] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.071] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.071] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3") returned 197 [0282.071] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.072] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3") returned 197 [0282.072] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0282.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.072] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ybYWGL0qAgZpdzv5iKmh+c3CB0mKUXeMYwvVGYxraaCkWHE0j7HZ156KjDkmgi7dKOMQJ91Wo/5BtZPN0iNkBu4awEXlngPA1ARgAum+MPanHa6Pe2/8uthryQHUkmYH1CrqMY3Ve/ETsQ3oMrmQSQ62AA+bGaH1B6KC0XQYvHQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.072] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.072] CloseHandle (hObject=0x404) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.072] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.072] SetLastError (dwErrCode=0x0) [0282.072] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x70 [0282.072] GetLastError () returned 0x0 [0282.073] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.073] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.073] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0282.073] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0282.073] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings")) returned 0x10 [0282.073] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat")) returned 0 [0282.073] GetLastError () returned 0x2 [0282.073] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat")) returned 0xffffffff [0282.073] SetLastError (dwErrCode=0x2) [0282.073] GetLastError () returned 0x2 [0282.073] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.073] LocalFree (hMem=0x92fe20) returned 0x0 [0282.073] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.073] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.074] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\container.dat")) returned 0x2026 [0282.075] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37698113462) returned 1 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PHw;,J=V!9syG_fIl|6№Xu{jYULs}s", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0282.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PHw;,J=V!9syG_fIl|6№Xu{jYULs}s", cchWideChar=30, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0282.075] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="PHw;,J=V!9syG_fIl|6№Xu{jYULs}s", cchWideChar=30, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PHw;,J=V!9syG_fIl|6â\x84\x96Xu{jYULs}s", lpUsedDefaultChar=0x0) returned 32 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] GetCurrentThreadId () returned 0x1130 [0282.075] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.076] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] GetCurrentThreadId () returned 0x1130 [0282.077] malloc (_Size=0x64) returned 0x1d1338 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] GetCurrentThreadId () returned 0x1130 [0282.078] free (_Block=0x1d1338) [0282.078] malloc (_Size=0x60) returned 0x1d1338 [0282.078] free (_Block=0x1d1338) [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.078] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.079] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.079] malloc (_Size=0x8c) returned 0x1d1338 [0282.079] malloc (_Size=0xfc) returned 0x31d7f18 [0282.079] malloc (_Size=0x40) returned 0x1d14e8 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.079] malloc (_Size=0x40) returned 0x1d7470 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.079] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] malloc (_Size=0xc) returned 0x31e1df0 [0282.080] malloc (_Size=0x40) returned 0x1d74b8 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.080] GetCurrentThreadId () returned 0x1130 [0282.081] free (_Block=0x31e40b0) [0282.081] free (_Block=0x1d14e8) [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] GetCurrentThreadId () returned 0x1130 [0282.081] free (_Block=0x1d74b8) [0282.081] free (_Block=0x31e1df0) [0282.081] free (_Block=0x1d7470) [0282.081] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.083] free (_Block=0x31d7f18) [0282.083] free (_Block=0x1d1338) [0282.083] CloseHandle (hObject=0x2b4) returned 1 [0282.083] CloseHandle (hObject=0x404) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.083] SetLastError (dwErrCode=0x0) [0282.083] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x78 [0282.083] GetLastError () returned 0x0 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.083] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.083] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache")) returned 0x2016 [0282.090] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\container.dat")) returned 1 [0282.091] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x37)) [0282.091] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.092] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.092] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.092] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.092] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.092] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.092] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.092] CloseHandle (hObject=0x404) returned 1 [0282.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[PHw;,J=V!9syG_fIl|6№Xu{jYULs}s]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0282.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[PHw;,J=V!9syG_fIl|6№Xu{jYULs}s]", cchWideChar=57, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 57 [0282.092] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[PHw;,J=V!9syG_fIl|6№Xu{jYULs}s]", cchWideChar=57, lpMultiByteStr=0x2516968, cbMultiByte=57, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[PHw;,J=V!9syG_fIl|6?Xu{jYULs}s]", lpUsedDefaultChar=0x0) returned 57 [0282.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.102] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ=") returned 172 [0282.102] GetCurrentThreadId () returned 0x1130 [0282.103] GetCurrentThreadId () returned 0x1130 [0282.103] GetCurrentThreadId () returned 0x1130 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.103] SetLastError (dwErrCode=0x0) [0282.103] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320") returned 0xb7 [0282.103] GetLastError () returned 0x0 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.103] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.103] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache")) returned 0x2016 [0282.104] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].wannacash ncov v310320")) returned 0x2020 [0282.104] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1006].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.104] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.104] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.104] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.104] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.104] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.104] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.104] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3") returned 197 [0282.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3") returned 197 [0282.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.105] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:aMdbEllSZFfdw1UMF8j78IGGW6U05Crsykxpb+p2C3Qsq+cB0mytH1WysXYULuyaMK0qn0GO1A2qrd9DlJNlYWCdKpQv5E/taA+4snymeknoUZ8pt8BAXcvZphZv3g0cOrj/FaPQGPwwdIrPKgsRoo2gIt1FRAUW+u6RKEZ/ISQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.105] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.105] CloseHandle (hObject=0x404) returned 1 [0282.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.106] SetLastError (dwErrCode=0x0) [0282.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x78 [0282.106] GetLastError () returned 0x0 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0282.106] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0282.106] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache")) returned 0x2016 [0282.106] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\container.dat")) returned 0 [0282.106] GetLastError () returned 0x2 [0282.106] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcache\\container.dat")) returned 0xffffffff [0282.106] SetLastError (dwErrCode=0x2) [0282.106] GetLastError () returned 0x2 [0282.106] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.106] LocalFree (hMem=0x92fe20) returned 0x0 [0282.106] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.107] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.107] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\container.dat")) returned 0x2026 [0282.107] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37701364542) returned 1 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0282.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0282.108] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№", cchWideChar=36, lpMultiByteStr=0x2524fd0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5â\x84\x96^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cjâ\x84\x96", lpUsedDefaultChar=0x0) returned 40 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] GetCurrentThreadId () returned 0x1130 [0282.108] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.108] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] malloc (_Size=0x64) returned 0x1d1338 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.110] GetCurrentThreadId () returned 0x1130 [0282.111] GetCurrentThreadId () returned 0x1130 [0282.111] free (_Block=0x1d1338) [0282.111] malloc (_Size=0x60) returned 0x1d1338 [0282.111] free (_Block=0x1d1338) [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.111] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.111] malloc (_Size=0x8c) returned 0x1d1338 [0282.111] malloc (_Size=0xfc) returned 0x31d7af8 [0282.112] malloc (_Size=0x40) returned 0x1d14e8 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.112] malloc (_Size=0x40) returned 0x1d7470 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.112] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] malloc (_Size=0xc) returned 0x31e1dc0 [0282.113] malloc (_Size=0x40) returned 0x1d74b8 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] GetCurrentThreadId () returned 0x1130 [0282.113] free (_Block=0x31e40b0) [0282.113] free (_Block=0x1d14e8) [0282.113] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] GetCurrentThreadId () returned 0x1130 [0282.114] free (_Block=0x1d74b8) [0282.114] free (_Block=0x31e1dc0) [0282.114] free (_Block=0x1d7470) [0282.114] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.116] free (_Block=0x31d7af8) [0282.116] free (_Block=0x1d1338) [0282.116] CloseHandle (hObject=0x2b4) returned 1 [0282.117] CloseHandle (hObject=0x404) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.117] SetLastError (dwErrCode=0x0) [0282.117] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x7a [0282.117] GetLastError () returned 0x0 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.117] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.117] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies")) returned 0x2016 [0282.118] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\container.dat")) returned 1 [0282.118] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x56)) [0282.118] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.118] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.119] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.119] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.119] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.119] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.119] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.119] CloseHandle (hObject=0x404) returned 1 [0282.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0282.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0282.119] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[5№^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj№]", cchWideChar=63, lpMultiByteStr=0x2541d78, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[5?^kyZCl&{3SNM4&8yP*7c$\"8pYXaCrq:cj?]", lpUsedDefaultChar=0x0) returned 63 [0282.128] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.128] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY=") returned 172 [0282.128] GetCurrentThreadId () returned 0x1130 [0282.128] GetCurrentThreadId () returned 0x1130 [0282.128] GetCurrentThreadId () returned 0x1130 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.128] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.129] SetLastError (dwErrCode=0x0) [0282.129] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320") returned 0xb9 [0282.129] GetLastError () returned 0x0 [0282.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.129] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies")) returned 0x2016 [0282.129] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].wannacash ncov v310320")) returned 0x2020 [0282.129] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1007].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.129] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.130] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.130] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.130] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3") returned 197 [0282.130] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.130] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3") returned 197 [0282.130] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.130] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:UpRvlpfv7V71mBCq01dgnRq+BU7937b5Hs5xQWom5SJCaICpx2NJ9kbnAEjM0HdxHEFaE+diIEQSgQ/tyBYM3/lGBekQ8Mn+ab6/s+wpmplvR7uWUWSJ/pqkOGuHefy4Yqu+FwQIrnQV1TwL6Zh9eibO0hn9DiR0AME8XqEwBgY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.131] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.133] CloseHandle (hObject=0x404) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.133] SetLastError (dwErrCode=0x0) [0282.133] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x7a [0282.133] GetLastError () returned 0x0 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0282.133] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0282.133] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies")) returned 0x2016 [0282.134] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\container.dat")) returned 0 [0282.134] GetLastError () returned 0x2 [0282.134] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inetcookies\\container.dat")) returned 0xffffffff [0282.134] SetLastError (dwErrCode=0x2) [0282.134] GetLastError () returned 0x2 [0282.134] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.134] LocalFree (hMem=0x92fe20) returned 0x0 [0282.134] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.134] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.134] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0x2026 [0282.135] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37704102639) returned 1 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0282.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0282.135] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~", cchWideChar=36, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~@óP\x02°\x04\x02", lpUsedDefaultChar=0x0) returned 36 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] GetCurrentThreadId () returned 0x1130 [0282.135] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.135] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.150] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] malloc (_Size=0x64) returned 0x1d1338 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] GetCurrentThreadId () returned 0x1130 [0282.151] free (_Block=0x1d1338) [0282.151] malloc (_Size=0x60) returned 0x1d1338 [0282.151] free (_Block=0x1d1338) [0282.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.151] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.152] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.152] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.152] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.152] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.152] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.152] malloc (_Size=0x8c) returned 0x1d1338 [0282.152] malloc (_Size=0xfc) returned 0x31d78e8 [0282.152] malloc (_Size=0x40) returned 0x1d14e8 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.152] GetCurrentThreadId () returned 0x1130 [0282.153] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.153] malloc (_Size=0x40) returned 0x1d7470 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] malloc (_Size=0xc) returned 0x31e1dc0 [0282.153] malloc (_Size=0x40) returned 0x1d74b8 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.153] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] free (_Block=0x31e40b0) [0282.154] free (_Block=0x1d14e8) [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.154] GetCurrentThreadId () returned 0x1130 [0282.155] free (_Block=0x1d74b8) [0282.155] free (_Block=0x31e1dc0) [0282.155] free (_Block=0x1d7470) [0282.155] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.156] free (_Block=0x31d78e8) [0282.156] free (_Block=0x1d1338) [0282.156] CloseHandle (hObject=0x2b4) returned 1 [0282.156] CloseHandle (hObject=0x404) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.156] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.156] SetLastError (dwErrCode=0x0) [0282.156] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x90 [0282.157] GetLastError () returned 0x0 [0282.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.157] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.157] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0282.157] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 1 [0282.158] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x75)) [0282.158] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.158] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.158] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.158] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.158] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.158] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.158] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.158] CloseHandle (hObject=0x404) returned 1 [0282.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0282.158] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0282.159] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~]", cchWideChar=63, lpMultiByteStr=0x2541d78, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[fB+n(KK!fG\"B6SN}`ER!%nj\\UT=P}`wi,tq~]", lpUsedDefaultChar=0x0) returned 63 [0282.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.168] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4=") returned 172 [0282.168] GetCurrentThreadId () returned 0x1130 [0282.168] GetCurrentThreadId () returned 0x1130 [0282.168] GetCurrentThreadId () returned 0x1130 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.168] SetLastError (dwErrCode=0x0) [0282.168] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320") returned 0xcf [0282.168] GetLastError () returned 0x0 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.168] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.168] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0282.169] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].wannacash ncov v310320")) returned 0x2020 [0282.169] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1008].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.169] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.169] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.169] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.169] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.169] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.169] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.169] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.170] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3") returned 197 [0282.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.170] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3") returned 197 [0282.170] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.170] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:QtLCELrF7fsMuwRXwM86HjbmZB0GnKRXiAWe0tGRx6QdsbFMusU+1OHB/8uVidj+3LGfwvQ+ZjZIEF7vkBE7mKplISO1IKzJtwFDa+ej0NhE5vLGmyAo8jQbL4KcTuNXzI3vmLHiwwFBMA9dcZyP8fQ056aLNm7kSkTundjTcS4= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.170] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.170] CloseHandle (hObject=0x404) returned 1 [0282.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.170] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.171] SetLastError (dwErrCode=0x0) [0282.171] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x90 [0282.171] GetLastError () returned 0x0 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0282.171] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0282.171] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0282.171] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0 [0282.171] GetLastError () returned 0x2 [0282.171] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0xffffffff [0282.171] SetLastError (dwErrCode=0x2) [0282.171] GetLastError () returned 0x2 [0282.171] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.171] LocalFree (hMem=0x92fe20) returned 0x0 [0282.172] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.172] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.172] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\202914\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\202914\\eventbeacons.dat")) returned 0x20 [0282.174] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37708040590) returned 1 [0282.174] GetCurrentThreadId () returned 0x1130 [0282.174] GetCurrentThreadId () returned 0x1130 [0282.174] GetCurrentThreadId () returned 0x1130 [0282.174] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="NAWWkQe|X-{aT+41{HF+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no+>~pYi!Q~7TvTKs`no8hD/+C)G8Ixc?", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0282.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0282.458] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?", lpUsedDefaultChar=0x0) returned 35 [0282.458] GetCurrentThreadId () returned 0x1130 [0282.458] GetCurrentThreadId () returned 0x1130 [0282.458] GetCurrentThreadId () returned 0x1130 [0282.458] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\imprbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.458] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] malloc (_Size=0x64) returned 0x1d1338 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.459] GetCurrentThreadId () returned 0x1130 [0282.460] GetCurrentThreadId () returned 0x1130 [0282.460] GetCurrentThreadId () returned 0x1130 [0282.460] free (_Block=0x1d1338) [0282.460] malloc (_Size=0x60) returned 0x1d1338 [0282.460] free (_Block=0x1d1338) [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.460] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.460] malloc (_Size=0x8c) returned 0x1d1338 [0282.460] malloc (_Size=0xfc) returned 0x31d71b0 [0282.461] malloc (_Size=0x40) returned 0x1d14e8 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.461] malloc (_Size=0x40) returned 0x1d7470 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] GetCurrentThreadId () returned 0x1130 [0282.461] malloc (_Size=0xc) returned 0x31e1d18 [0282.462] malloc (_Size=0x40) returned 0x1d74b8 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] free (_Block=0x31e40b0) [0282.462] free (_Block=0x1d14e8) [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.462] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] GetCurrentThreadId () returned 0x1130 [0282.463] free (_Block=0x1d74b8) [0282.463] free (_Block=0x31e1d18) [0282.463] free (_Block=0x1d7470) [0282.463] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.464] free (_Block=0x31d71b0) [0282.464] free (_Block=0x1d1338) [0282.464] CloseHandle (hObject=0x2b4) returned 1 [0282.464] CloseHandle (hObject=0x404) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.464] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.464] SetLastError (dwErrCode=0x0) [0282.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", lpFilePart=0x19f9f8*="imprbeacons.dat") returned 0x9e [0282.465] GetLastError () returned 0x0 [0282.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.465] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.465] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289")) returned 0x10 [0282.465] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\imprbeacons.dat")) returned 1 [0282.465] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x1aa)) [0282.466] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.466] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.466] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.466] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.466] CloseHandle (hObject=0x404) returned 1 [0282.466] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0282.466] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0282.466] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?]", cchWideChar=64, lpMultiByteStr=0x2541d78, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[imprbeacons.dat]omgp:[(K-*`Bt\"E,MXkNWaD$d6_>8hD/+C)G8Ixc?]8", lpUsedDefaultChar=0x0) returned 64 [0282.520] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.520] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo=") returned 172 [0282.520] GetCurrentThreadId () returned 0x1130 [0282.520] GetCurrentThreadId () returned 0x1130 [0282.520] GetCurrentThreadId () returned 0x1130 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.520] SetLastError (dwErrCode=0x0) [0282.520] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320") returned 0xdb [0282.520] GetLastError () returned 0x0 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.520] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.520] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289")) returned 0x10 [0282.521] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].wannacash ncov v310320")) returned 0x20 [0282.521] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1018].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.521] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.521] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.522] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.522] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3") returned 197 [0282.522] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.522] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3") returned 197 [0282.522] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.522] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:BfIlSzeThXmJPe2wTCMuDILUsGkNz9Gdk/9UoipYCAoJsnTpMAr49NYq6DWVgpGOPpvB5PycFS6Yj37oPsovoa8E656bowmIi5WzdIezp/AIsEeYWBPLSj7pG02aD68GPr7oONUEI6JFH6OX5/mH+OJS4PE6h08izzJDUVxJmCo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.522] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.522] CloseHandle (hObject=0x404) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.523] SetLastError (dwErrCode=0x0) [0282.523] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", lpFilePart=0x19fa34*="imprbeacons.dat") returned 0x9e [0282.523] GetLastError () returned 0x0 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=8) returned 1 [0282.523] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat", cchCount2=4) returned 1 [0282.523] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289")) returned 0x10 [0282.523] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\imprbeacons.dat")) returned 0 [0282.524] GetLastError () returned 0x2 [0282.524] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243289\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243289\\imprbeacons.dat")) returned 0xffffffff [0282.524] SetLastError (dwErrCode=0x2) [0282.524] GetLastError () returned 0x2 [0282.524] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.524] LocalFree (hMem=0x92fe20) returned 0x0 [0282.524] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.524] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.524] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\eventbeacons.dat")) returned 0x20 [0282.526] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37743178207) returned 1 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0282.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0282.526] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH", lpUsedDefaultChar=0x0) returned 42 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] GetCurrentThreadId () returned 0x1130 [0282.526] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\eventbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.526] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.527] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] malloc (_Size=0x64) returned 0x1d1338 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] GetCurrentThreadId () returned 0x1130 [0282.528] free (_Block=0x1d1338) [0282.528] malloc (_Size=0x60) returned 0x1d1338 [0282.528] free (_Block=0x1d1338) [0282.528] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.529] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.529] malloc (_Size=0x8c) returned 0x1d1338 [0282.529] malloc (_Size=0xfc) returned 0x31d77e0 [0282.529] malloc (_Size=0x40) returned 0x1d14e8 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.529] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.530] malloc (_Size=0x40) returned 0x1d7470 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] malloc (_Size=0xc) returned 0x31e1e20 [0282.530] malloc (_Size=0x40) returned 0x1d74b8 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.530] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] free (_Block=0x31e40b0) [0282.531] free (_Block=0x1d14e8) [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.531] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] GetCurrentThreadId () returned 0x1130 [0282.532] free (_Block=0x1d74b8) [0282.532] free (_Block=0x31e1e20) [0282.532] free (_Block=0x1d7470) [0282.532] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.534] free (_Block=0x31d77e0) [0282.534] free (_Block=0x1d1338) [0282.534] CloseHandle (hObject=0x2b4) returned 1 [0282.534] CloseHandle (hObject=0x404) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.534] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.534] SetLastError (dwErrCode=0x0) [0282.534] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", lpFilePart=0x19f9f8*="eventbeacons.dat") returned 0x9f [0282.534] GetLastError () returned 0x0 [0282.535] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.535] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.535] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.535] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.535] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.535] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\eventbeacons.dat")) returned 1 [0282.536] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x1f8)) [0282.536] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.536] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.536] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.536] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.536] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.536] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.536] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.536] CloseHandle (hObject=0x404) returned 1 [0282.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0282.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0282.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH]", cchWideChar=72, lpMultiByteStr=0x252c708, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[eventbeacons.dat]omgp:[FhJk/3A6%,Xj*>)^&N&reeZ%\\dv&WCkkB!wm{F8/DH]", lpUsedDefaultChar=0x0) returned 72 [0282.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q=") returned 172 [0282.546] GetCurrentThreadId () returned 0x1130 [0282.546] GetCurrentThreadId () returned 0x1130 [0282.546] GetCurrentThreadId () returned 0x1130 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.546] SetLastError (dwErrCode=0x0) [0282.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320") returned 0xdb [0282.546] GetLastError () returned 0x0 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.546] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.546] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.547] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].wannacash ncov v310320")) returned 0x20 [0282.547] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1019].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.547] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.547] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3") returned 197 [0282.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.548] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3") returned 197 [0282.548] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.548] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:N8CS+pce+Zkkbg5PFNZSxHcmenc8SCtr884dr4ZQjA5E5CCgppGaCu1qBGoJFGDNtCtk8m5qzX1qQ5MLyybOSPjLvU9faaUIhP1rQ7E4G/0iYoXY6EKsw/SQ2xLUzlk7sL3oLUw/r1sqLpNjGbyvPHwl5nG1SEnCe274Fif7s0Q= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.548] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.548] CloseHandle (hObject=0x404) returned 1 [0282.548] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.549] SetLastError (dwErrCode=0x0) [0282.549] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", lpFilePart=0x19fa34*="eventbeacons.dat") returned 0x9f [0282.549] GetLastError () returned 0x0 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.549] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=8) returned 1 [0282.550] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat", cchCount2=4) returned 1 [0282.550] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.550] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\eventbeacons.dat")) returned 0 [0282.550] GetLastError () returned 0x2 [0282.550] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\eventbeacons.dat")) returned 0xffffffff [0282.550] SetLastError (dwErrCode=0x2) [0282.550] GetLastError () returned 0x2 [0282.550] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.550] LocalFree (hMem=0x92fe20) returned 0x0 [0282.551] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.551] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.551] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\imprbeacons.dat")) returned 0x20 [0282.551] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37745747876) returned 1 [0282.551] GetCurrentThreadId () returned 0x1130 [0282.551] GetCurrentThreadId () returned 0x1130 [0282.551] GetCurrentThreadId () returned 0x1130 [0282.551] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0282.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*", cchWideChar=35, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0282.552] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*", cchWideChar=35, lpMultiByteStr=0x250f7b8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*", lpUsedDefaultChar=0x0) returned 35 [0282.552] GetCurrentThreadId () returned 0x1130 [0282.552] GetCurrentThreadId () returned 0x1130 [0282.552] GetCurrentThreadId () returned 0x1130 [0282.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\imprbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.552] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] malloc (_Size=0x64) returned 0x1d1338 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.553] GetCurrentThreadId () returned 0x1130 [0282.554] GetCurrentThreadId () returned 0x1130 [0282.554] free (_Block=0x1d1338) [0282.554] malloc (_Size=0x60) returned 0x1d1338 [0282.554] free (_Block=0x1d1338) [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.554] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.554] malloc (_Size=0x8c) returned 0x1d1338 [0282.554] malloc (_Size=0xfc) returned 0x31d71b0 [0282.554] malloc (_Size=0x40) returned 0x1d14e8 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.555] malloc (_Size=0x40) returned 0x1d7470 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.555] GetCurrentThreadId () returned 0x1130 [0282.556] malloc (_Size=0xc) returned 0x31e1dc0 [0282.556] malloc (_Size=0x40) returned 0x1d74b8 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] free (_Block=0x31e40b0) [0282.556] free (_Block=0x1d14e8) [0282.556] GetCurrentThreadId () returned 0x1130 [0282.556] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] GetCurrentThreadId () returned 0x1130 [0282.557] free (_Block=0x1d74b8) [0282.557] free (_Block=0x31e1dc0) [0282.557] free (_Block=0x1d7470) [0282.557] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.559] free (_Block=0x31d71b0) [0282.559] free (_Block=0x1d1338) [0282.559] CloseHandle (hObject=0x2b4) returned 1 [0282.559] CloseHandle (hObject=0x404) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.559] SetLastError (dwErrCode=0x0) [0282.559] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", lpFilePart=0x19f9f8*="imprbeacons.dat") returned 0x9e [0282.559] GetLastError () returned 0x0 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.559] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.560] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.560] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.560] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\imprbeacons.dat")) returned 1 [0282.561] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x208)) [0282.561] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.561] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.561] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.561] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.561] CloseHandle (hObject=0x404) returned 1 [0282.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0282.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0282.561] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*]", cchWideChar=64, lpMultiByteStr=0x2541d78, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[imprbeacons.dat]omgp:[ZD1lL98|-AN:!+>Q.WaP:D%p_XnphgSPUw*]S", lpUsedDefaultChar=0x0) returned 64 [0282.574] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.574] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs=") returned 172 [0282.574] GetCurrentThreadId () returned 0x1130 [0282.574] GetCurrentThreadId () returned 0x1130 [0282.574] GetCurrentThreadId () returned 0x1130 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.574] SetLastError (dwErrCode=0x0) [0282.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320") returned 0xdb [0282.574] GetLastError () returned 0x0 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.575] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.575] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].wannacash ncov v310320")) returned 0x20 [0282.575] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1020].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.575] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.575] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.575] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.575] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.576] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.576] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.576] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3") returned 197 [0282.576] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.576] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3") returned 197 [0282.576] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.576] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wBSSMTcoRqekrN1i+UjPKCRFN11s81iTezVTGYd1EOoN4zdJbbYYLAyrrywshom41yMCmZkw6WNurdKcYkqyaNQoFpg339dU0zRwC0qqauKne1sdykS7PmgrSORO15DOuWdkcVPuWEVR6Zo4fi2AH+CSnDfnuT9Aw7RrHTddlGs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.576] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.577] CloseHandle (hObject=0x404) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.577] SetLastError (dwErrCode=0x0) [0282.577] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", lpFilePart=0x19fa34*="imprbeacons.dat") returned 0x9e [0282.577] GetLastError () returned 0x0 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=8) returned 1 [0282.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat", cchCount2=4) returned 1 [0282.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292")) returned 0x10 [0282.577] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\imprbeacons.dat")) returned 0 [0282.577] GetLastError () returned 0x2 [0282.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\243292\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\243292\\imprbeacons.dat")) returned 0xffffffff [0282.577] SetLastError (dwErrCode=0x2) [0282.577] GetLastError () returned 0x2 [0282.577] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.577] LocalFree (hMem=0x92fe20) returned 0x0 [0282.578] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.578] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.578] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\eventbeacons.dat")) returned 0x20 [0282.579] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37748499233) returned 1 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0282.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0282.579] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J", lpUsedDefaultChar=0x0) returned 37 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] GetCurrentThreadId () returned 0x1130 [0282.579] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\eventbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.579] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.580] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] malloc (_Size=0x64) returned 0x1d1338 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] GetCurrentThreadId () returned 0x1130 [0282.581] free (_Block=0x1d1338) [0282.581] malloc (_Size=0x60) returned 0x1d1338 [0282.581] free (_Block=0x1d1338) [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.581] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.582] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.582] malloc (_Size=0x8c) returned 0x1d1338 [0282.582] malloc (_Size=0xfc) returned 0x31d77e0 [0282.582] malloc (_Size=0x40) returned 0x1d14e8 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.582] malloc (_Size=0x40) returned 0x1d7470 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.582] GetCurrentThreadId () returned 0x1130 [0282.583] malloc (_Size=0xc) returned 0x31e1ca0 [0282.583] malloc (_Size=0x40) returned 0x1d74b8 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] free (_Block=0x31e40b0) [0282.583] free (_Block=0x1d14e8) [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.583] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] GetCurrentThreadId () returned 0x1130 [0282.584] free (_Block=0x1d74b8) [0282.584] free (_Block=0x31e1ca0) [0282.584] free (_Block=0x1d7470) [0282.584] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.585] free (_Block=0x31d77e0) [0282.585] free (_Block=0x1d1338) [0282.585] CloseHandle (hObject=0x2b4) returned 1 [0282.585] CloseHandle (hObject=0x404) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.585] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.586] SetLastError (dwErrCode=0x0) [0282.586] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", lpFilePart=0x19f9f8*="eventbeacons.dat") returned 0x9f [0282.586] GetLastError () returned 0x0 [0282.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.586] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.586] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\eventbeacons.dat")) returned 1 [0282.587] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x227)) [0282.587] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.587] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.587] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.587] CloseHandle (hObject=0x404) returned 1 [0282.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0282.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0282.587] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J]", cchWideChar=67, lpMultiByteStr=0x2541d78, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[eventbeacons.dat]omgp:[i?G,cE(U8zD1b~FnVK`<(9j$OY.:tl=T-u+^J]", lpUsedDefaultChar=0x0) returned 67 [0282.594] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.594] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo=") returned 172 [0282.594] GetCurrentThreadId () returned 0x1130 [0282.594] GetCurrentThreadId () returned 0x1130 [0282.594] GetCurrentThreadId () returned 0x1130 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.594] SetLastError (dwErrCode=0x0) [0282.594] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320") returned 0xdb [0282.594] GetLastError () returned 0x0 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.594] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.594] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.595] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].wannacash ncov v310320")) returned 0x20 [0282.595] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1021].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.595] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.595] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.595] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.595] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.595] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.595] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.595] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.595] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.595] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.595] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.595] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3") returned 197 [0282.595] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.595] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3") returned 197 [0282.595] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.596] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iYzsyIfebpSjeEf0YvdJGr1lQInQmVB86JJ3YyaU7WUmbbrjh8oHimKFC905LzQRmZTEhmBqnPy4RTbPzmp6H+kPE11gWj8cONhi9tAzh2HMb0cXwzRLAH7CDjYKXcpub996fbewQwmYl3FJlpAzsmt/3Ytnwb0RLrN7xl3vGRo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.596] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.596] CloseHandle (hObject=0x404) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.596] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.597] SetLastError (dwErrCode=0x0) [0282.597] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", lpFilePart=0x19fa34*="eventbeacons.dat") returned 0x9f [0282.597] GetLastError () returned 0x0 [0282.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=8) returned 1 [0282.597] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat", cchCount2=4) returned 1 [0282.597] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.597] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\eventbeacons.dat")) returned 0 [0282.597] GetLastError () returned 0x2 [0282.597] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\eventbeacons.dat")) returned 0xffffffff [0282.597] SetLastError (dwErrCode=0x2) [0282.597] GetLastError () returned 0x2 [0282.597] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.597] LocalFree (hMem=0x92fe20) returned 0x0 [0282.597] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.597] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.598] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\imprbeacons.dat")) returned 0x20 [0282.598] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37750406899) returned 1 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0282.598] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0282.598] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e", cchWideChar=37, lpMultiByteStr=0x2525040, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e", lpUsedDefaultChar=0x0) returned 37 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] GetCurrentThreadId () returned 0x1130 [0282.598] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\imprbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.598] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.599] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] malloc (_Size=0x64) returned 0x1d1338 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] GetCurrentThreadId () returned 0x1130 [0282.600] free (_Block=0x1d1338) [0282.600] malloc (_Size=0x60) returned 0x1d1338 [0282.600] free (_Block=0x1d1338) [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.600] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.601] malloc (_Size=0x8c) returned 0x1d1338 [0282.601] malloc (_Size=0xfc) returned 0x31d77e0 [0282.601] malloc (_Size=0x40) returned 0x1d14e8 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.601] malloc (_Size=0x40) returned 0x1d7470 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.601] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] malloc (_Size=0xc) returned 0x31e1dc0 [0282.602] malloc (_Size=0x40) returned 0x1d74b8 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] free (_Block=0x31e40b0) [0282.602] free (_Block=0x1d14e8) [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.602] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] GetCurrentThreadId () returned 0x1130 [0282.603] free (_Block=0x1d74b8) [0282.603] free (_Block=0x31e1dc0) [0282.603] free (_Block=0x1d7470) [0282.603] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.604] free (_Block=0x31d77e0) [0282.604] free (_Block=0x1d1338) [0282.604] CloseHandle (hObject=0x2b4) returned 1 [0282.604] CloseHandle (hObject=0x404) returned 1 [0282.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.604] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.605] SetLastError (dwErrCode=0x0) [0282.605] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", lpFilePart=0x19f9f8*="imprbeacons.dat") returned 0x9e [0282.605] GetLastError () returned 0x0 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.605] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.605] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.605] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\imprbeacons.dat")) returned 1 [0282.606] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x237)) [0282.606] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.606] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.606] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.606] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.606] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.606] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.606] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.606] CloseHandle (hObject=0x404) returned 1 [0282.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0282.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0282.606] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e]", cchWideChar=66, lpMultiByteStr=0x2541d78, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[imprbeacons.dat]omgp:[fkb(jHE%h&N->\">h7Un{2e,@HqwS@z:ukC7)e]", lpUsedDefaultChar=0x0) returned 66 [0282.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.617] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY=") returned 172 [0282.617] GetCurrentThreadId () returned 0x1130 [0282.617] GetCurrentThreadId () returned 0x1130 [0282.617] GetCurrentThreadId () returned 0x1130 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.617] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.617] SetLastError (dwErrCode=0x0) [0282.617] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320") returned 0xdb [0282.617] GetLastError () returned 0x0 [0282.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.618] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.618] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.618] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].wannacash ncov v310320")) returned 0x20 [0282.618] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1022].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.618] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.618] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.618] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.619] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3") returned 197 [0282.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.619] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3") returned 197 [0282.619] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.619] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FW3F/dUA5kRxIagNbFW8OBOaChbjj+ukVgVwCzJxP1YgZ392zI/qZMLlOraj7ysYIXE+YEstR+hzPcz/HCYRk5lfgAz+Az8kBpZVSQ/FN7vyAQOYkSkzD3baj91hP6YirWGF9CcG/MLAT2OwTSRw7rM2BBYudKJrJdgcxrcyIHY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.619] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.619] CloseHandle (hObject=0x404) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.619] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.619] SetLastError (dwErrCode=0x0) [0282.619] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", lpFilePart=0x19fa34*="imprbeacons.dat") returned 0x9e [0282.619] GetLastError () returned 0x0 [0282.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=8) returned 1 [0282.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat", cchCount2=4) returned 1 [0282.620] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978")) returned 0x10 [0282.620] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\imprbeacons.dat")) returned 0 [0282.620] GetLastError () returned 0x2 [0282.620] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279978\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279978\\imprbeacons.dat")) returned 0xffffffff [0282.620] SetLastError (dwErrCode=0x2) [0282.620] GetLastError () returned 0x2 [0282.620] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.620] LocalFree (hMem=0x92fe20) returned 0x0 [0282.620] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.620] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.621] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\eventbeacons.dat")) returned 0x20 [0282.622] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37752771189) returned 1 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0282.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0282.622] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VXR@neQf4â\x84\x96Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E", lpUsedDefaultChar=0x0) returned 41 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] GetCurrentThreadId () returned 0x1130 [0282.622] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\eventbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.622] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] malloc (_Size=0x64) returned 0x1d1338 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.623] GetCurrentThreadId () returned 0x1130 [0282.624] free (_Block=0x1d1338) [0282.624] malloc (_Size=0x60) returned 0x1d1338 [0282.624] free (_Block=0x1d1338) [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.624] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.624] malloc (_Size=0x8c) returned 0x1d1338 [0282.624] malloc (_Size=0xfc) returned 0x31d71b0 [0282.624] malloc (_Size=0x40) returned 0x1d14e8 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.624] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.625] malloc (_Size=0x40) returned 0x1d7470 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] malloc (_Size=0xc) returned 0x31e1e50 [0282.625] malloc (_Size=0x40) returned 0x1d74b8 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.625] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] free (_Block=0x31e40b0) [0282.626] free (_Block=0x1d14e8) [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] GetCurrentThreadId () returned 0x1130 [0282.626] free (_Block=0x1d74b8) [0282.626] free (_Block=0x31e1e50) [0282.626] free (_Block=0x1d7470) [0282.626] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.628] free (_Block=0x31d71b0) [0282.628] free (_Block=0x1d1338) [0282.628] CloseHandle (hObject=0x2b4) returned 1 [0282.628] CloseHandle (hObject=0x404) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.628] SetLastError (dwErrCode=0x0) [0282.628] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", lpFilePart=0x19f9f8*="eventbeacons.dat") returned 0x9f [0282.628] GetLastError () returned 0x0 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.628] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.628] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986")) returned 0x10 [0282.628] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\eventbeacons.dat")) returned 1 [0282.629] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x256)) [0282.629] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.629] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.630] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.630] CloseHandle (hObject=0x404) returned 1 [0282.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0282.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0282.630] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VXR@neQf4№Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[eventbeacons.dat]omgp:[VXR@neQf4?Own6Xnc^,9fpjw7ePLj5E\"C.b8:,E]", lpUsedDefaultChar=0x0) returned 69 [0282.636] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.636] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc=") returned 172 [0282.636] GetCurrentThreadId () returned 0x1130 [0282.636] GetCurrentThreadId () returned 0x1130 [0282.636] GetCurrentThreadId () returned 0x1130 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.636] SetLastError (dwErrCode=0x0) [0282.636] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320") returned 0xdb [0282.636] GetLastError () returned 0x0 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986")) returned 0x10 [0282.637] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].wannacash ncov v310320")) returned 0x20 [0282.637] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1023].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.637] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3") returned 197 [0282.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3") returned 197 [0282.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:f5nb52lTx3GkCeVOOky0e8tqi93GKhN40XC8CCTCCZ5b3r8Olb2QZ2p4rzmlwX4GOXqHgTqoNFctX+VC9GVbLCywOPVf7dSEZf32x+6TmtgVH9TLfkeS1FHQohCNnOVVHUodLVVAO4gXNpLmudfB8ViNQPoVIyGEYQb96DKPaIc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.638] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.638] CloseHandle (hObject=0x404) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.638] SetLastError (dwErrCode=0x0) [0282.638] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", lpFilePart=0x19fa34*="eventbeacons.dat") returned 0x9f [0282.638] GetLastError () returned 0x0 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=8) returned 1 [0282.638] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat", cchCount2=4) returned 1 [0282.638] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986")) returned 0x10 [0282.638] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\eventbeacons.dat")) returned 0 [0282.638] GetLastError () returned 0x2 [0282.639] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\eventbeacons.dat")) returned 0xffffffff [0282.639] SetLastError (dwErrCode=0x2) [0282.639] GetLastError () returned 0x2 [0282.639] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.639] LocalFree (hMem=0x92fe20) returned 0x0 [0282.639] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.639] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.639] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\279986\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\279986\\imprbeacons.dat")) returned 0x20 [0282.639] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37754565934) returned 1 [0282.640] GetCurrentThreadId () returned 0x1130 [0282.640] GetCurrentThreadId () returned 0x1130 [0282.640] GetCurrentThreadId () returned 0x1130 [0282.640] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Kbm~HT^PMA=U+o!L5`7:oQ\"j?", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0282.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0282.874] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?", lpUsedDefaultChar=0x0) returned 49 [0282.874] GetCurrentThreadId () returned 0x1130 [0282.874] GetCurrentThreadId () returned 0x1130 [0282.874] GetCurrentThreadId () returned 0x1130 [0282.874] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\imprbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.875] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.875] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] malloc (_Size=0x64) returned 0x1d1338 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] GetCurrentThreadId () returned 0x1130 [0282.876] free (_Block=0x1d1338) [0282.876] malloc (_Size=0x60) returned 0x1d1338 [0282.876] free (_Block=0x1d1338) [0282.876] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.877] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.877] malloc (_Size=0x8c) returned 0x1d1338 [0282.877] malloc (_Size=0xfc) returned 0x31d70a8 [0282.878] malloc (_Size=0x40) returned 0x1d14e8 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.878] malloc (_Size=0x40) returned 0x1d7470 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.878] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] malloc (_Size=0xc) returned 0x31e1ca0 [0282.879] malloc (_Size=0x40) returned 0x1d74b8 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] GetCurrentThreadId () returned 0x1130 [0282.879] free (_Block=0x31e40b0) [0282.879] free (_Block=0x1d14e8) [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] GetCurrentThreadId () returned 0x1130 [0282.880] free (_Block=0x1d74b8) [0282.880] free (_Block=0x31e1ca0) [0282.880] free (_Block=0x1d7470) [0282.880] WriteFile (in: hFile=0x2b4, lpBuffer=0x2533798*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x2533798*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.882] free (_Block=0x31d70a8) [0282.882] free (_Block=0x1d1338) [0282.882] CloseHandle (hObject=0x2b4) returned 1 [0282.882] CloseHandle (hObject=0x404) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.882] SetLastError (dwErrCode=0x0) [0282.882] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", lpFilePart=0x19f9f8*="imprbeacons.dat") returned 0x9e [0282.882] GetLastError () returned 0x0 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.882] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.883] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813")) returned 0x10 [0282.883] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\imprbeacons.dat")) returned 1 [0282.884] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x350)) [0282.884] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.884] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.884] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.884] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.884] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.884] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.884] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.884] CloseHandle (hObject=0x404) returned 1 [0282.884] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[,@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0282.884] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[,@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0282.884] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[,@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?]", cchWideChar=78, lpMultiByteStr=0x251e148, cbMultiByte=78, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[imprbeacons.dat]omgp:[,@*d$psaC_Y=}u~`8)\"e5H#P-z;n>T^PMA=U+o!L5`7:oQ\"j?]3", lpUsedDefaultChar=0x0) returned 78 [0282.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.892] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8=") returned 172 [0282.892] GetCurrentThreadId () returned 0x1130 [0282.893] GetCurrentThreadId () returned 0x1130 [0282.893] GetCurrentThreadId () returned 0x1130 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.893] SetLastError (dwErrCode=0x0) [0282.893] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320") returned 0xdb [0282.893] GetLastError () returned 0x0 [0282.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.894] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.894] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813")) returned 0x10 [0282.894] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].wannacash ncov v310320")) returned 0x20 [0282.894] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1030].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.894] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.895] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.895] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.895] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.895] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3") returned 197 [0282.895] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.895] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3") returned 197 [0282.895] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.895] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:6Ldf9ABTuO+GfVeDvvspHNa6UZpXzvHgOIRBC9By1KycHBlqHt/8c43s+hTZuF43ykgvlI2hkAzXATO/SO9CYAO7I46UsVn9MlLr7r8h5nsY6pdG0Xx+3xu3Pzgbg5LcW7HnPoiU5eO5OFKT1Pk/eJjhaDIjWQ9cxE8GB6/ycD8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.895] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.896] CloseHandle (hObject=0x404) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.896] SetLastError (dwErrCode=0x0) [0282.896] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", lpFilePart=0x19fa34*="imprbeacons.dat") returned 0x9e [0282.896] GetLastError () returned 0x0 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=8) returned 1 [0282.896] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat", cchCount2=4) returned 1 [0282.896] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813")) returned 0x10 [0282.896] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\imprbeacons.dat")) returned 0 [0282.897] GetLastError () returned 0x2 [0282.897] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280813\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280813\\imprbeacons.dat")) returned 0xffffffff [0282.897] SetLastError (dwErrCode=0x2) [0282.897] GetLastError () returned 0x2 [0282.897] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.897] LocalFree (hMem=0x92fe20) returned 0x0 [0282.897] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.897] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.897] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\eventbeacons.dat")) returned 0x20 [0282.899] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37780470614) returned 1 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0282.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0282.899] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze", cchWideChar=43, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze", lpUsedDefaultChar=0x0) returned 43 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] GetCurrentThreadId () returned 0x1130 [0282.899] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\eventbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.899] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] GetCurrentThreadId () returned 0x1130 [0282.900] malloc (_Size=0x64) returned 0x1d1338 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] GetCurrentThreadId () returned 0x1130 [0282.901] free (_Block=0x1d1338) [0282.901] malloc (_Size=0x60) returned 0x1d1338 [0282.901] free (_Block=0x1d1338) [0282.901] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.901] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.901] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.901] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.901] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.902] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.902] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.902] malloc (_Size=0x8c) returned 0x1d1338 [0282.902] malloc (_Size=0xfc) returned 0x31d73c0 [0282.902] malloc (_Size=0x40) returned 0x1d14e8 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] GetCurrentThreadId () returned 0x1130 [0282.902] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.903] malloc (_Size=0x40) returned 0x1d7470 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] malloc (_Size=0xc) returned 0x31e1e20 [0282.903] malloc (_Size=0x40) returned 0x1d74b8 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.903] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] free (_Block=0x31e40b0) [0282.904] free (_Block=0x1d14e8) [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.904] GetCurrentThreadId () returned 0x1130 [0282.905] GetCurrentThreadId () returned 0x1130 [0282.905] GetCurrentThreadId () returned 0x1130 [0282.905] GetCurrentThreadId () returned 0x1130 [0282.905] free (_Block=0x1d74b8) [0282.905] free (_Block=0x31e1e20) [0282.905] free (_Block=0x1d7470) [0282.905] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.906] free (_Block=0x31d73c0) [0282.906] free (_Block=0x1d1338) [0282.906] CloseHandle (hObject=0x2b4) returned 1 [0282.906] CloseHandle (hObject=0x404) returned 1 [0282.906] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.906] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.907] SetLastError (dwErrCode=0x0) [0282.907] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", lpFilePart=0x19f9f8*="eventbeacons.dat") returned 0x9f [0282.907] GetLastError () returned 0x0 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.907] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.907] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.907] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\eventbeacons.dat")) returned 1 [0282.908] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x360)) [0282.908] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.908] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.908] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.908] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.908] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.908] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.908] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.909] CloseHandle (hObject=0x404) returned 1 [0282.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0282.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0282.909] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[eventbeacons.dat]omgp:[VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze]", cchWideChar=73, lpMultiByteStr=0x252c708, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[eventbeacons.dat]omgp:[VI4o2aq9|@;gAI&kYLWdVsH<*BO^Q#{-yO/U;6A^%Ze]", lpUsedDefaultChar=0x0) returned 73 [0282.920] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.920] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc=") returned 172 [0282.920] GetCurrentThreadId () returned 0x1130 [0282.920] GetCurrentThreadId () returned 0x1130 [0282.920] GetCurrentThreadId () returned 0x1130 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.920] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.920] SetLastError (dwErrCode=0x0) [0282.920] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320") returned 0xdb [0282.920] GetLastError () returned 0x0 [0282.921] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.921] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.921] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.921] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.921] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.921] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].wannacash ncov v310320")) returned 0x20 [0282.921] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1031].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.921] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.921] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.922] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.922] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.922] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3") returned 197 [0282.922] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.922] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3") returned 197 [0282.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.922] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:vHAgdUgo1jLSjECb6f+rsMSSsxUaJ6zosx/9TpN6xqSF71VB3NoNFFyyZOyea3Ut2JjUcjg4bMt4TrcnpqtiMj7dq0+YjAXkNdwOK0FHmL9GDlDv6dMmwCPWoMTKdr0IWDKTfelnPH4+anjJMEElsn98mMgnLcOmNmccWdvh4oc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.922] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.923] CloseHandle (hObject=0x404) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.923] SetLastError (dwErrCode=0x0) [0282.923] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", lpFilePart=0x19fa34*="eventbeacons.dat") returned 0x9f [0282.923] GetLastError () returned 0x0 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=8) returned 1 [0282.923] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat", cchCount2=4) returned 1 [0282.924] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.924] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\eventbeacons.dat")) returned 0 [0282.924] GetLastError () returned 0x2 [0282.924] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\eventbeacons.dat")) returned 0xffffffff [0282.924] SetLastError (dwErrCode=0x2) [0282.924] GetLastError () returned 0x2 [0282.924] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.924] LocalFree (hMem=0x92fe20) returned 0x0 [0282.924] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.925] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.925] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\imprbeacons.dat")) returned 0x20 [0282.925] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37783138456) returned 1 [0282.925] GetCurrentThreadId () returned 0x1130 [0282.925] GetCurrentThreadId () returned 0x1130 [0282.925] GetCurrentThreadId () returned 0x1130 [0282.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0282.925] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0282.926] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw", cchWideChar=39, lpMultiByteStr=0x2525040, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw", lpUsedDefaultChar=0x0) returned 39 [0282.926] GetCurrentThreadId () returned 0x1130 [0282.926] GetCurrentThreadId () returned 0x1130 [0282.926] GetCurrentThreadId () returned 0x1130 [0282.926] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\imprbeacons.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.926] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] malloc (_Size=0x64) returned 0x1d1338 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.927] GetCurrentThreadId () returned 0x1130 [0282.928] GetCurrentThreadId () returned 0x1130 [0282.928] GetCurrentThreadId () returned 0x1130 [0282.928] GetCurrentThreadId () returned 0x1130 [0282.928] free (_Block=0x1d1338) [0282.928] malloc (_Size=0x60) returned 0x1d1338 [0282.928] free (_Block=0x1d1338) [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0282.928] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0282.928] malloc (_Size=0x8c) returned 0x1d1338 [0282.928] malloc (_Size=0xfc) returned 0x31d71b0 [0282.929] malloc (_Size=0x40) returned 0x1d14e8 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] malloc (_Size=0xa5c) returned 0x31e40b0 [0282.929] malloc (_Size=0x40) returned 0x1d7470 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.929] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] malloc (_Size=0xc) returned 0x31e1ca0 [0282.930] malloc (_Size=0x40) returned 0x1d74b8 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] GetCurrentThreadId () returned 0x1130 [0282.930] free (_Block=0x31e40b0) [0282.930] free (_Block=0x1d14e8) [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] GetCurrentThreadId () returned 0x1130 [0282.931] free (_Block=0x1d74b8) [0282.931] free (_Block=0x31e1ca0) [0282.931] free (_Block=0x1d7470) [0282.931] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0282.933] free (_Block=0x31d71b0) [0282.933] free (_Block=0x1d1338) [0282.933] CloseHandle (hObject=0x2b4) returned 1 [0282.933] CloseHandle (hObject=0x404) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.933] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.933] SetLastError (dwErrCode=0x0) [0282.933] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", lpFilePart=0x19f9f8*="imprbeacons.dat") returned 0x9e [0282.933] GetLastError () returned 0x0 [0282.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.934] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.934] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.934] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\imprbeacons.dat")) returned 1 [0282.935] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2a, wSecond=0x3a, wMilliseconds=0x37f)) [0282.935] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0282.935] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0282.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0282.935] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0282.935] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0282.935] CloseHandle (hObject=0x404) returned 1 [0282.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0282.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0282.936] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[imprbeacons.dat]omgp:[hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw]", cchWideChar=68, lpMultiByteStr=0x2541d78, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[imprbeacons.dat]omgp:[hf{4MG\"^bZ%+:F9!oo}qB1?{_To\\S;Tfau.BQDw]", lpUsedDefaultChar=0x0) returned 68 [0282.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0282.944] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e43c, cchWideChar=172 | out: lpWideCharStr="OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ=") returned 172 [0282.944] GetCurrentThreadId () returned 0x1130 [0282.944] GetCurrentThreadId () returned 0x1130 [0282.944] GetCurrentThreadId () returned 0x1130 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.944] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.945] SetLastError (dwErrCode=0x0) [0282.945] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320") returned 0xdb [0282.945] GetLastError () returned 0x0 [0282.945] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.945] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.945] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0282.945] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0282.945] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.945] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].wannacash ncov v310320")) returned 0x20 [0282.945] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1032].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0282.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0282.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0282.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0282.946] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0282.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.946] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.946] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.946] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.946] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3") returned 197 [0282.946] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0282.946] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3") returned 197 [0282.946] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0282.947] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.947] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0282.947] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:OfufgC+75+z5MNiTIdDMAcZ5HqJR6ZfxrdXYIRgR31Y4mpfZxMIX+eOCb/LV3VFHnQh0gAuA4+yhfK70e66PhCjiQp/tl9VwqqMk6th8++Q5f3K8KVwlbBSlSHRUUZgMEMh+i5JtLid0h1l4VrwKLA0ZdJ+qL7nd0vrcjpns8RQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0282.947] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0282.947] CloseHandle (hObject=0x404) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.947] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.948] SetLastError (dwErrCode=0x0) [0282.948] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", lpFilePart=0x19fa34*="imprbeacons.dat") returned 0x9e [0282.948] GetLastError () returned 0x0 [0282.948] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.948] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.948] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=8) returned 1 [0282.948] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat", cchCount2=4) returned 1 [0282.948] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815")) returned 0x10 [0282.948] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\imprbeacons.dat")) returned 0 [0282.948] GetLastError () returned 0x2 [0282.948] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280815\\imprbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280815\\imprbeacons.dat")) returned 0xffffffff [0282.948] SetLastError (dwErrCode=0x2) [0282.948] GetLastError () returned 0x2 [0282.948] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0282.948] LocalFree (hMem=0x92fe20) returned 0x0 [0282.948] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0282.949] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0282.949] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\LocalState\\ContentManagementSDK\\Creatives\\280819\\eventbeacons.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\localstate\\contentmanagementsdk\\creatives\\280819\\eventbeacons.dat")) returned 0x20 [0282.950] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=37785639426) returned 1 [0282.950] GetCurrentThreadId () returned 0x1130 [0282.950] GetCurrentThreadId () returned 0x1130 [0282.950] GetCurrentThreadId () returned 0x1130 [0282.950] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="ezT:5|i~YS(i~YS(i~YS(i~YS(i~YS(i~YS(i~YS(i~YS(|5", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0286.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0286.921] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5", cchWideChar=36, lpMultiByteStr=0x250f7e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5AøP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0286.921] GetCurrentThreadId () returned 0x1130 [0286.921] GetCurrentThreadId () returned 0x1130 [0286.921] GetCurrentThreadId () returned 0x1130 [0286.921] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.922] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] GetCurrentThreadId () returned 0x1130 [0286.923] malloc (_Size=0x64) returned 0x1d1338 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] GetCurrentThreadId () returned 0x1130 [0286.924] free (_Block=0x1d1338) [0286.924] malloc (_Size=0x60) returned 0x1d1338 [0286.924] free (_Block=0x1d1338) [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5 [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5 [0286.924] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.924] ReadFile (in: hFile=0x404, lpBuffer=0x24f3b78, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24f3b78*, lpNumberOfBytesRead=0x19fbc8*=0x5, lpOverlapped=0x0) returned 1 [0286.926] malloc (_Size=0x8c) returned 0x1d1338 [0286.926] malloc (_Size=0xfc) returned 0x31d72b8 [0286.926] malloc (_Size=0x40) returned 0x1d14e8 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.926] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] malloc (_Size=0xa5c) returned 0x31e40b0 [0286.927] malloc (_Size=0x40) returned 0x1d7470 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] GetCurrentThreadId () returned 0x1130 [0286.927] malloc (_Size=0xc) returned 0x31e1dc0 [0286.927] malloc (_Size=0x40) returned 0x1d74b8 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] free (_Block=0x31e40b0) [0286.928] free (_Block=0x1d14e8) [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.928] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] GetCurrentThreadId () returned 0x1130 [0286.929] free (_Block=0x1d74b8) [0286.929] free (_Block=0x31e1dc0) [0286.929] free (_Block=0x1d7470) [0286.929] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0286.930] free (_Block=0x31d72b8) [0286.930] free (_Block=0x1d1338) [0286.930] CloseHandle (hObject=0x2b4) returned 1 [0286.931] CloseHandle (hObject=0x404) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.931] SetLastError (dwErrCode=0x0) [0286.931] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", lpFilePart=0x19f9f8*="0.1.filtertrie.intermediate.txt") returned 0xb9 [0286.931] GetLastError () returned 0x0 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.931] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.932] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.932] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.932] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt")) returned 1 [0286.934] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x2, wMilliseconds=0x381)) [0286.934] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0286.934] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.934] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0286.934] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0286.934] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0286.934] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0286.934] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0286.934] CloseHandle (hObject=0x404) returned 1 [0286.934] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.1.filtertrie.intermediate.txt]omgp:[U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5]", cchWideChar=81, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 81 [0286.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.1.filtertrie.intermediate.txt]omgp:[U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5]", cchWideChar=81, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 81 [0286.935] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.1.filtertrie.intermediate.txt]omgp:[U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5]", cchWideChar=81, lpMultiByteStr=0x251e1a8, cbMultiByte=81, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0.1.filtertrie.intermediate.txt]omgp:[U1Mm9,\\.a1%C\"x&yrP.%v7IUljkn+rhy:>|5]", lpUsedDefaultChar=0x0) returned 81 [0286.943] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0286.943] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc=") returned 172 [0286.943] GetCurrentThreadId () returned 0x1130 [0286.943] GetCurrentThreadId () returned 0x1130 [0286.943] GetCurrentThreadId () returned 0x1130 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.943] SetLastError (dwErrCode=0x0) [0286.943] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320") returned 0xe6 [0286.943] GetLastError () returned 0x0 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.943] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.943] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.944] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].wannacash ncov v310320")) returned 0x20 [0286.944] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1111].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.944] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0286.944] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0286.944] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0286.944] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0286.944] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0286.944] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.945] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0286.945] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3") returned 197 [0286.945] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0286.945] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3") returned 197 [0286.945] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0286.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.945] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:btfVwQrxGOqU5lUCIpox3gdKXDbU7EU9TulZEXItdx+9uk6m8i4uREfwpsHeOuM3Cafqtq4Oslmv0TUAXBcJ2kL/LHAtn9pON2s3tb4rQQHsXDX40th3MgVacWVW3kXfK8H6dMuuuxI8zq/wbQvBH9oLwuBK3CR4Dbq95qtY0jc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.945] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0286.946] CloseHandle (hObject=0x404) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.946] SetLastError (dwErrCode=0x0) [0286.946] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", lpFilePart=0x19fa34*="0.1.filtertrie.intermediate.txt") returned 0xb9 [0286.946] GetLastError () returned 0x0 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.946] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.946] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.946] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt")) returned 0 [0286.947] GetLastError () returned 0x2 [0286.947] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.1.filtertrie.intermediate.txt")) returned 0xffffffff [0286.947] SetLastError (dwErrCode=0x2) [0286.947] GetLastError () returned 0x2 [0286.947] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0286.947] LocalFree (hMem=0x92fe20) returned 0x0 [0286.947] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0286.947] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0286.947] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt")) returned 0x20 [0286.948] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38185393103) returned 1 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FtxFa-Rx}Qu\\=w?!QQYQ`E6&o", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0286.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FtxFa-Rx}Qu\\=w?!QQYQ`E6&o", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0286.948] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="FtxFa-Rx}Qu\\=w?!QQYQ`E6&o", cchWideChar=25, lpMultiByteStr=0x2508ee8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FtxFa-Rx}Qu\\=w?!QQYQ`E6&o", lpUsedDefaultChar=0x0) returned 25 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] GetCurrentThreadId () returned 0x1130 [0286.948] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.948] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.949] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] malloc (_Size=0x64) returned 0x1d1338 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] GetCurrentThreadId () returned 0x1130 [0286.950] free (_Block=0x1d1338) [0286.950] malloc (_Size=0x60) returned 0x1d1338 [0286.950] free (_Block=0x1d1338) [0286.950] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.951] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5 [0286.951] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.951] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.951] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x5 [0286.951] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.951] ReadFile (in: hFile=0x404, lpBuffer=0x24f3b30, nNumberOfBytesToRead=0x5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x24f3b30*, lpNumberOfBytesRead=0x19fbc8*=0x5, lpOverlapped=0x0) returned 1 [0286.952] malloc (_Size=0x8c) returned 0x1d1338 [0286.952] malloc (_Size=0xfc) returned 0x31d79f0 [0286.952] malloc (_Size=0x40) returned 0x1d14e8 [0286.952] GetCurrentThreadId () returned 0x1130 [0286.952] GetCurrentThreadId () returned 0x1130 [0286.952] GetCurrentThreadId () returned 0x1130 [0286.952] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] malloc (_Size=0xa5c) returned 0x31e40b0 [0286.953] malloc (_Size=0x40) returned 0x1d7470 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] GetCurrentThreadId () returned 0x1130 [0286.953] malloc (_Size=0xc) returned 0x31e1df0 [0286.953] malloc (_Size=0x40) returned 0x1d74b8 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] free (_Block=0x31e40b0) [0286.954] free (_Block=0x1d14e8) [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.954] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] GetCurrentThreadId () returned 0x1130 [0286.955] free (_Block=0x1d74b8) [0286.955] free (_Block=0x31e1df0) [0286.955] free (_Block=0x1d7470) [0286.955] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0286.957] free (_Block=0x31d79f0) [0286.957] free (_Block=0x1d1338) [0286.957] CloseHandle (hObject=0x2b4) returned 1 [0286.957] CloseHandle (hObject=0x404) returned 1 [0286.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.958] SetLastError (dwErrCode=0x0) [0286.958] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", lpFilePart=0x19f9f8*="0.2.filtertrie.intermediate.txt") returned 0xb9 [0286.958] GetLastError () returned 0x0 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.958] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.958] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.958] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt")) returned 1 [0286.961] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x2, wMilliseconds=0x3a0)) [0286.961] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0286.961] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0286.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0286.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0286.961] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0286.961] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0286.962] CloseHandle (hObject=0x404) returned 1 [0286.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.2.filtertrie.intermediate.txt]omgp:[FtxFa-Rx}Qu\\=w?!QQYQ`E6&o]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0286.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.2.filtertrie.intermediate.txt]omgp:[FtxFa-Rx}Qu\\=w?!QQYQ`E6&o]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0286.962] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0.2.filtertrie.intermediate.txt]omgp:[FtxFa-Rx}Qu\\=w?!QQYQ`E6&o]", cchWideChar=70, lpMultiByteStr=0x252c708, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0.2.filtertrie.intermediate.txt]omgp:[FtxFa-Rx}Qu\\=w?!QQYQ`E6&o]", lpUsedDefaultChar=0x0) returned 70 [0286.969] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0286.969] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0=") returned 172 [0286.970] GetCurrentThreadId () returned 0x1130 [0286.970] GetCurrentThreadId () returned 0x1130 [0286.970] GetCurrentThreadId () returned 0x1130 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.970] SetLastError (dwErrCode=0x0) [0286.970] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320") returned 0xe6 [0286.970] GetLastError () returned 0x0 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0286.970] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0286.970] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.970] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].wannacash ncov v310320")) returned 0x20 [0286.971] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1112].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0286.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0286.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0286.971] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0286.971] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0286.971] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.971] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.971] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.971] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.972] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.972] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0286.972] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3") returned 197 [0286.972] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0286.972] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3") returned 197 [0286.972] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0286.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0286.972] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Fz7Nj6f7ggFsHHUCTM/Wtw2vsRaDdBbw3nPOFzhtcbJYPgUied0KEJs7Dye5D3ZJZYxeCqqL+qHrsP+hq35XBa2nZdF1BftWr8MstsvT4DBYyJbl2USfmsS2eIvP+VfEiOmprpesNpE42kXJ/Z12lrC3Z3A/oq5iZtDAlMwClk0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0286.972] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0286.972] CloseHandle (hObject=0x404) returned 1 [0286.972] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.972] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.972] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.973] SetLastError (dwErrCode=0x0) [0286.973] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", lpFilePart=0x19fa34*="0.2.filtertrie.intermediate.txt") returned 0xb9 [0286.973] GetLastError () returned 0x0 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=8) returned 1 [0286.973] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt", cchCount2=4) returned 1 [0286.973] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}")) returned 0x10 [0286.973] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt")) returned 0 [0286.973] GetLastError () returned 0x2 [0286.973] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\ConstraintIndex\\Settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\constraintindex\\settings_{549dafe6-de7c-4227-9b89-3b85713bbc8d}\\0.2.filtertrie.intermediate.txt")) returned 0xffffffff [0286.973] SetLastError (dwErrCode=0x2) [0286.973] GetLastError () returned 0x2 [0286.974] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0286.974] LocalFree (hMem=0x92fe20) returned 0x0 [0286.974] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0286.974] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0286.974] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\appcache131509115860744759.txt")) returned 0x20 [0286.974] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38188050351) returned 1 [0286.974] GetCurrentThreadId () returned 0x1130 [0286.974] GetCurrentThreadId () returned 0x1130 [0286.974] GetCurrentThreadId () returned 0x1130 [0286.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0286.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0286.975] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL", lpUsedDefaultChar=0x0) returned 39 [0286.975] GetCurrentThreadId () returned 0x1130 [0286.975] GetCurrentThreadId () returned 0x1130 [0286.975] GetCurrentThreadId () returned 0x1130 [0286.975] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\appcache131509115860744759.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0286.975] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.976] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] malloc (_Size=0x64) returned 0x1d1338 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] GetCurrentThreadId () returned 0x1130 [0286.977] free (_Block=0x1d1338) [0286.977] malloc (_Size=0x60) returned 0x1d1338 [0286.977] free (_Block=0x1d1338) [0286.977] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.977] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x20e85 [0286.978] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.978] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.978] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x20e85 [0286.978] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0286.978] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x20e85, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x20e85, lpOverlapped=0x0) returned 1 [0286.980] malloc (_Size=0x8c) returned 0x1d1338 [0286.980] malloc (_Size=0xfc) returned 0x31d7c00 [0286.980] malloc (_Size=0x40) returned 0x1d14e8 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.980] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] malloc (_Size=0xa5c) returned 0x31e40b0 [0286.981] malloc (_Size=0x40) returned 0x1d7470 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] GetCurrentThreadId () returned 0x1130 [0286.981] malloc (_Size=0xc) returned 0x31e1ec8 [0286.981] malloc (_Size=0x720) returned 0x31d2860 [0286.981] malloc (_Size=0xe3c) returned 0x1d9aa8 [0286.981] free (_Block=0x31d2860) [0286.981] malloc (_Size=0x15ac) returned 0x1da8f0 [0286.982] free (_Block=0x1d9aa8) [0286.982] malloc (_Size=0x23e4) returned 0x1dbea8 [0286.982] free (_Block=0x1da8f0) [0286.982] malloc (_Size=0x3274) returned 0x3a60048 [0286.982] free (_Block=0x1dbea8) [0286.983] malloc (_Size=0x4820) returned 0x1d9aa8 [0286.983] free (_Block=0x3a60048) [0286.984] malloc (_Size=0x64e4) returned 0x3a60048 [0286.984] free (_Block=0x1d9aa8) [0286.984] malloc (_Size=0x8920) returned 0x3a66538 [0286.984] free (_Block=0x3a60048) [0286.984] malloc (_Size=0xbb90) returned 0x3a6ee60 [0286.985] free (_Block=0x3a66538) [0286.985] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0286.986] free (_Block=0x3a6ee60) [0286.986] malloc (_Size=0x1533c) returned 0x3a60048 [0286.986] free (_Block=0x3a7a9f8) [0286.986] malloc (_Size=0x1c704) returned 0x3a75390 [0286.986] free (_Block=0x3a60048) [0286.987] malloc (_Size=0x265c8) returned 0x3a91aa0 [0286.987] free (_Block=0x3a75390) [0286.987] malloc (_Size=0x33758) returned 0x31e4b18 [0286.988] free (_Block=0x3a91aa0) [0286.988] GetCurrentThreadId () returned 0x1130 [0286.989] GetCurrentThreadId () returned 0x1130 [0286.989] GetCurrentThreadId () returned 0x1130 [0286.989] GetCurrentThreadId () returned 0x1130 [0286.989] GetCurrentThreadId () returned 0x1130 [0286.989] GetCurrentThreadId () returned 0x1130 [0287.004] GetCurrentThreadId () returned 0x1130 [0287.004] GetCurrentThreadId () returned 0x1130 [0287.004] GetCurrentThreadId () returned 0x1130 [0287.004] GetCurrentThreadId () returned 0x1130 [0287.004] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] free (_Block=0x31e40b0) [0287.005] free (_Block=0x1d14e8) [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.005] GetCurrentThreadId () returned 0x1130 [0287.006] free (_Block=0x31e4b18) [0287.006] free (_Block=0x31e1ec8) [0287.006] free (_Block=0x1d7470) [0287.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x39f8608*, nNumberOfBytesToWrite=0x2c925, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39f8608*, lpNumberOfBytesWritten=0x19fbbc*=0x2c925, lpOverlapped=0x0) returned 1 [0287.009] free (_Block=0x31d7c00) [0287.009] free (_Block=0x1d1338) [0287.009] CloseHandle (hObject=0x2b4) returned 1 [0287.010] CloseHandle (hObject=0x404) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.010] SetLastError (dwErrCode=0x0) [0287.010] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", lpFilePart=0x19f9f8*="AppCache131509115860744759.txt") returned 0x8a [0287.010] GetLastError () returned 0x0 [0287.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.011] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.011] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\appcache131509115860744759.txt")) returned 1 [0287.014] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x2, wMilliseconds=0x3cf)) [0287.014] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0287.014] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0287.014] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0287.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.015] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0287.015] CloseHandle (hObject=0x404) returned 1 [0287.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppCache131509115860744759.txt]omgp:[wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0287.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppCache131509115860744759.txt]omgp:[wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0287.015] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[AppCache131509115860744759.txt]omgp:[wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL]", cchWideChar=83, lpMultiByteStr=0x251e1a8, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[AppCache131509115860744759.txt]omgp:[wia:EF2dX@>e<|*k|Chpo~Zj`UKMd\"RgTxKN%ZL]", lpUsedDefaultChar=0x0) returned 83 [0287.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0287.022] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg=") returned 172 [0287.023] GetCurrentThreadId () returned 0x1130 [0287.023] GetCurrentThreadId () returned 0x1130 [0287.023] GetCurrentThreadId () returned 0x1130 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.023] SetLastError (dwErrCode=0x0) [0287.023] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320") returned 0xb8 [0287.023] GetLastError () returned 0x0 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.023] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.023] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.023] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].wannacash ncov v310320")) returned 0x20 [0287.024] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1113].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0287.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2c925 [0287.024] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.024] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0287.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.024] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.024] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.024] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.024] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3") returned 197 [0287.024] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.024] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3") returned 197 [0287.025] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2c925 [0287.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.025] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:SPwh9DOgrMxJfel2hgM8StABKhaN3QS6cX1CHGeiKJZFgR83/Kc1s9MUB7bD00HsaFU+CO0xoALJYm56Ne1ic72HPFCN2jd9L0G7K+IBBEjclzm4t+9LvvtrxNBtkBqSTLk4unXkbajPQjEN3HNjL/gnr/TLlnJ1LF/IrigyBRg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.025] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0287.025] CloseHandle (hObject=0x404) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.025] SetLastError (dwErrCode=0x0) [0287.025] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", lpFilePart=0x19fa34*="AppCache131509115860744759.txt") returned 0x8a [0287.025] GetLastError () returned 0x0 [0287.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=8) returned 1 [0287.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt", cchCount2=4) returned 1 [0287.026] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.026] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\appcache131509115860744759.txt")) returned 0 [0287.026] GetLastError () returned 0x2 [0287.026] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\AppCache131509115860744759.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\appcache131509115860744759.txt")) returned 0xffffffff [0287.026] SetLastError (dwErrCode=0x2) [0287.026] GetLastError () returned 0x2 [0287.026] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0287.026] LocalFree (hMem=0x92fe20) returned 0x0 [0287.026] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0287.027] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0287.027] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\settingscache.txt")) returned 0x20 [0287.027] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38193361090) returned 1 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№,\"8Qixnz,ZX<>t\";sKw\\2*u5", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0287.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№,\"8Qixnz,ZX<>t\";sKw\\2*u5", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0287.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№,\"8Qixnz,ZX<>t\";sKw\\2*u5", cchWideChar=25, lpMultiByteStr=0x2508f10, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="â\x84\x96,\"8Qixnz,ZX<>t\";sKw\\2*u5", lpUsedDefaultChar=0x0) returned 27 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] GetCurrentThreadId () returned 0x1130 [0287.028] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\settingscache.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.028] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.029] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] malloc (_Size=0x64) returned 0x1d1338 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] GetCurrentThreadId () returned 0x1130 [0287.030] free (_Block=0x1d1338) [0287.030] malloc (_Size=0x60) returned 0x1d1338 [0287.030] free (_Block=0x1d1338) [0287.030] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.030] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x538f2 [0287.031] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.031] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe50000 [0287.037] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.037] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x538f2 [0287.038] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.038] ReadFile (in: hFile=0x404, lpBuffer=0x7fe50018, nNumberOfBytesToRead=0x538f2, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe50018*, lpNumberOfBytesRead=0x19fbc8*=0x538f2, lpOverlapped=0x0) returned 1 [0287.041] malloc (_Size=0x8c) returned 0x1d1338 [0287.041] malloc (_Size=0xfc) returned 0x31d72b8 [0287.041] VirtualAlloc (lpAddress=0x0, dwSize=0x60000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fdf0000 [0287.047] malloc (_Size=0x40) returned 0x1d14e8 [0287.047] GetCurrentThreadId () returned 0x1130 [0287.047] GetCurrentThreadId () returned 0x1130 [0287.047] GetCurrentThreadId () returned 0x1130 [0287.047] GetCurrentThreadId () returned 0x1130 [0287.047] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] malloc (_Size=0xa5c) returned 0x1d9aa8 [0287.048] malloc (_Size=0x40) returned 0x1d7470 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] GetCurrentThreadId () returned 0x1130 [0287.048] malloc (_Size=0xc) returned 0x31e1e68 [0287.048] malloc (_Size=0x720) returned 0x31d2860 [0287.048] malloc (_Size=0xe3c) returned 0x1da510 [0287.048] free (_Block=0x31d2860) [0287.048] malloc (_Size=0x15ac) returned 0x1db358 [0287.049] free (_Block=0x1da510) [0287.049] malloc (_Size=0x23e4) returned 0x1dc910 [0287.049] free (_Block=0x1db358) [0287.049] malloc (_Size=0x3274) returned 0x31e40b0 [0287.049] free (_Block=0x1dc910) [0287.050] malloc (_Size=0x4820) returned 0x1da510 [0287.050] free (_Block=0x31e40b0) [0287.051] malloc (_Size=0x64e4) returned 0x31e40b0 [0287.051] free (_Block=0x1da510) [0287.051] malloc (_Size=0x8920) returned 0x31ea5a0 [0287.051] free (_Block=0x31e40b0) [0287.052] malloc (_Size=0xbb90) returned 0x31f2ec8 [0287.052] free (_Block=0x31ea5a0) [0287.053] malloc (_Size=0xfc90) returned 0x31fea60 [0287.053] free (_Block=0x31f2ec8) [0287.054] malloc (_Size=0x1533c) returned 0x31e40b0 [0287.054] free (_Block=0x31fea60) [0287.054] malloc (_Size=0x1c704) returned 0x31f93f8 [0287.054] free (_Block=0x31e40b0) [0287.055] malloc (_Size=0x265c8) returned 0x3a60048 [0287.056] free (_Block=0x31f93f8) [0287.058] malloc (_Size=0x33758) returned 0x31e40b0 [0287.060] free (_Block=0x3a60048) [0287.061] malloc (_Size=0x45104) returned 0x3a60048 [0287.062] free (_Block=0x31e40b0) [0287.063] malloc (_Size=0x5c874) returned 0x31e40b0 [0287.065] free (_Block=0x3a60048) [0287.067] malloc (_Size=0x7bac8) returned 0x3a60048 [0287.108] free (_Block=0x31e40b0) [0287.111] VirtualAlloc (lpAddress=0x0, dwSize=0x80000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.120] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] free (_Block=0x1d9aa8) [0287.121] free (_Block=0x1d14e8) [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.121] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] GetCurrentThreadId () returned 0x1130 [0287.122] free (_Block=0x3a60048) [0287.122] free (_Block=0x31e1e68) [0287.122] free (_Block=0x1d7470) [0287.122] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fd70018*, nNumberOfBytesToWrite=0x7129b, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fd70018*, lpNumberOfBytesWritten=0x19fbbc*=0x7129b, lpOverlapped=0x0) returned 1 [0287.186] free (_Block=0x31d72b8) [0287.186] free (_Block=0x1d1338) [0287.186] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0287.189] VirtualFree (lpAddress=0x7fdf0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0287.189] VirtualFree (lpAddress=0x7fe50000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0287.190] CloseHandle (hObject=0x2b4) returned 1 [0287.190] CloseHandle (hObject=0x404) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.190] SetLastError (dwErrCode=0x0) [0287.190] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", lpFilePart=0x19f9f8*="SettingsCache.txt") returned 0x7d [0287.190] GetLastError () returned 0x0 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.190] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.191] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.191] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.191] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\settingscache.txt")) returned 1 [0287.197] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x3, wMilliseconds=0xa3)) [0287.197] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0287.197] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0287.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0287.198] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.198] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0287.198] CloseHandle (hObject=0x404) returned 1 [0287.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[SettingsCache.txt]omgp:[№,\"8Qixnz,ZX<>t\";sKw\\2*u5]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0287.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[SettingsCache.txt]omgp:[№,\"8Qixnz,ZX<>t\";sKw\\2*u5]", cchWideChar=56, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0287.198] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[SettingsCache.txt]omgp:[№,\"8Qixnz,ZX<>t\";sKw\\2*u5]", cchWideChar=56, lpMultiByteStr=0x2516890, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[SettingsCache.txt]omgp:[?,\"8Qixnz,ZX<>t\";sKw\\2*u5]", lpUsedDefaultChar=0x0) returned 56 [0287.205] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0287.205] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I=") returned 172 [0287.205] GetCurrentThreadId () returned 0x1130 [0287.205] GetCurrentThreadId () returned 0x1130 [0287.205] GetCurrentThreadId () returned 0x1130 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.205] SetLastError (dwErrCode=0x0) [0287.206] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320") returned 0xb8 [0287.206] GetLastError () returned 0x0 [0287.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.206] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.206] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.206] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].wannacash ncov v310320")) returned 0x20 [0287.206] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1114].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0287.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.206] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x7129b [0287.207] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.207] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.207] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.207] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3") returned 197 [0287.207] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.207] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x24563bc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3") returned 197 [0287.207] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x7129b [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.207] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2Hp9CcXCRhQkFNzv9y3/wAuSVQEAuQCde0Id/4vCvhG/w9cV6MoGJWCnli1xcha3JvLA0QRWP1QHtao0NQagzoVCLfJndDdKSQF8raloF6DxsMpURF2HfX1lZOXjWWJgIb3A/UPSoZPHHZUY9+r2PZffGkdSRSiaEXcbm8izf3I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.207] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0287.214] CloseHandle (hObject=0x404) returned 1 [0287.214] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.214] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.215] SetLastError (dwErrCode=0x0) [0287.215] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", lpFilePart=0x19fa34*="SettingsCache.txt") returned 0x7d [0287.215] GetLastError () returned 0x0 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=8) returned 1 [0287.215] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt", cchCount2=4) returned 1 [0287.215] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache")) returned 0x10 [0287.215] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\settingscache.txt")) returned 0 [0287.215] GetLastError () returned 0x2 [0287.215] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache\\SettingsCache.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\localstate\\devicesearchcache\\settingscache.txt")) returned 0xffffffff [0287.215] SetLastError (dwErrCode=0x2) [0287.215] GetLastError () returned 0x2 [0287.215] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0287.215] LocalFree (hMem=0x92fe20) returned 0x0 [0287.215] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0287.216] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0287.216] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0287.216] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38212234721) returned 1 [0287.216] GetCurrentThreadId () returned 0x1130 [0287.216] GetCurrentThreadId () returned 0x1130 [0287.216] GetCurrentThreadId () returned 0x1130 [0287.216] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="a*}e=-NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0287.919] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0287.919] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEPâ\x84\x96", lpUsedDefaultChar=0x0) returned 47 [0287.919] GetCurrentThreadId () returned 0x1130 [0287.919] GetCurrentThreadId () returned 0x1130 [0287.919] GetCurrentThreadId () returned 0x1130 [0287.919] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.920] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] GetCurrentThreadId () returned 0x1130 [0287.921] malloc (_Size=0x64) returned 0x1d1338 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] GetCurrentThreadId () returned 0x1130 [0287.922] free (_Block=0x1d1338) [0287.922] malloc (_Size=0x60) returned 0x1d1338 [0287.922] free (_Block=0x1d1338) [0287.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0287.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.922] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0287.923] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0287.923] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0287.924] malloc (_Size=0x8c) returned 0x1d1338 [0287.925] malloc (_Size=0xfc) returned 0x31d72b8 [0287.925] malloc (_Size=0x40) returned 0x1d14e8 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] malloc (_Size=0xa5c) returned 0x31e40b0 [0287.925] malloc (_Size=0x40) returned 0x1d7470 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.925] GetCurrentThreadId () returned 0x1130 [0287.926] GetCurrentThreadId () returned 0x1130 [0287.926] GetCurrentThreadId () returned 0x1130 [0287.926] GetCurrentThreadId () returned 0x1130 [0287.926] malloc (_Size=0xc) returned 0x31e1ee0 [0287.926] malloc (_Size=0x720) returned 0x31d2860 [0287.926] malloc (_Size=0xe3c) returned 0x1d9aa8 [0287.933] free (_Block=0x31d2860) [0287.933] malloc (_Size=0x15ac) returned 0x1da8f0 [0287.933] free (_Block=0x1d9aa8) [0287.933] malloc (_Size=0x23e4) returned 0x1dbea8 [0287.933] free (_Block=0x1da8f0) [0287.934] malloc (_Size=0x3274) returned 0x3a60048 [0287.934] free (_Block=0x1dbea8) [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.934] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] free (_Block=0x31e40b0) [0287.935] free (_Block=0x1d14e8) [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.935] GetCurrentThreadId () returned 0x1130 [0287.936] GetCurrentThreadId () returned 0x1130 [0287.936] GetCurrentThreadId () returned 0x1130 [0287.936] GetCurrentThreadId () returned 0x1130 [0287.936] free (_Block=0x3a60048) [0287.936] free (_Block=0x31e1ee0) [0287.936] free (_Block=0x1d7470) [0287.936] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0287.937] free (_Block=0x31d72b8) [0287.938] free (_Block=0x1d1338) [0287.938] CloseHandle (hObject=0x2b4) returned 1 [0287.938] CloseHandle (hObject=0x404) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.938] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.938] SetLastError (dwErrCode=0x0) [0287.938] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x62 [0287.938] GetLastError () returned 0x0 [0287.939] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.939] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.939] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.939] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.939] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings")) returned 0x10 [0287.939] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0287.941] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x3, wMilliseconds=0x381)) [0287.941] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0287.941] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.941] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0287.941] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.941] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0287.942] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0287.942] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0287.942] CloseHandle (hObject=0x404) returned 1 [0287.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0287.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0287.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP№]", cchWideChar=71, lpMultiByteStr=0x252c708, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[9s\"=O`>NaC_Kp6`}Qb}8ntJuhxcWI2qW*{?4o|j<_mEP?]", lpUsedDefaultChar=0x0) returned 71 [0287.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0287.951] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I=") returned 172 [0287.951] GetCurrentThreadId () returned 0x1130 [0287.951] GetCurrentThreadId () returned 0x1130 [0287.951] GetCurrentThreadId () returned 0x1130 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.951] SetLastError (dwErrCode=0x0) [0287.951] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320") returned 0xa2 [0287.951] GetLastError () returned 0x0 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0287.951] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0287.952] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings")) returned 0x10 [0287.952] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].wannacash ncov v310320")) returned 0x20 [0287.952] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1130].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.952] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0287.952] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.952] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0287.952] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0287.953] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3") returned 197 [0287.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0287.953] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3") returned 197 [0287.953] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0287.953] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hxAokStc7MslY99ou1abTgJJamqToSP4hfVDiFgN1n6TCJ1kXp8dgKDwzdx4wAoUaqSzOpUlKayBOBhV9HyVYUzxxxbHUHwOXVoBuVz/thNv8X8jzFQAjkZw44ekk1yQ9uBa+KagA4b2FQ/nfUY17F0WXBbZlycPQs4fua/no4I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0287.953] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0287.954] CloseHandle (hObject=0x404) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.954] SetLastError (dwErrCode=0x0) [0287.954] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x62 [0287.954] GetLastError () returned 0x0 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0287.954] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0287.954] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings")) returned 0x10 [0287.954] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0287.954] GetLastError () returned 0x2 [0287.954] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0287.954] SetLastError (dwErrCode=0x2) [0287.954] GetLastError () returned 0x2 [0287.954] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0287.955] LocalFree (hMem=0x92fe20) returned 0x0 [0287.955] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0287.955] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0287.956] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0x2026 [0287.957] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38286289301) returned 1 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0287.957] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0287.957] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_", lpUsedDefaultChar=0x0) returned 32 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] GetCurrentThreadId () returned 0x1130 [0287.957] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0287.957] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] GetCurrentThreadId () returned 0x1130 [0288.008] malloc (_Size=0x64) returned 0x1d1338 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] GetCurrentThreadId () returned 0x1130 [0288.009] free (_Block=0x1d1338) [0288.009] malloc (_Size=0x60) returned 0x1d1338 [0288.009] free (_Block=0x1d1338) [0288.009] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.009] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.009] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.009] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.009] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.010] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.010] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0288.010] malloc (_Size=0x8c) returned 0x1d1338 [0288.010] malloc (_Size=0xfc) returned 0x31d7af8 [0288.010] malloc (_Size=0x40) returned 0x1d14e8 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.010] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.010] malloc (_Size=0x40) returned 0x1d7470 [0288.010] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] malloc (_Size=0xc) returned 0x31e1ec8 [0288.011] malloc (_Size=0x40) returned 0x1d74b8 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.011] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] free (_Block=0x31e40b0) [0288.012] free (_Block=0x1d14e8) [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.012] GetCurrentThreadId () returned 0x1130 [0288.013] free (_Block=0x1d74b8) [0288.013] free (_Block=0x31e1ec8) [0288.013] free (_Block=0x1d7470) [0288.013] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0288.014] free (_Block=0x31d7af8) [0288.014] free (_Block=0x1d1338) [0288.014] CloseHandle (hObject=0x2b4) returned 1 [0288.015] CloseHandle (hObject=0x404) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.015] SetLastError (dwErrCode=0x0) [0288.015] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x8b [0288.015] GetLastError () returned 0x0 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.015] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0288.016] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 1 [0288.017] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x3, wMilliseconds=0x3cf)) [0288.017] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.017] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.017] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.017] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.017] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.017] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.017] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.017] CloseHandle (hObject=0x404) returned 1 [0288.017] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0288.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0288.018] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_]", cchWideChar=59, lpMultiByteStr=0x2516a88, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[#y@}D>>!5p`(\"VG%yRc|7T4omf{P<)Q_]", lpUsedDefaultChar=0x0) returned 59 [0288.026] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.026] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU=") returned 172 [0288.026] GetCurrentThreadId () returned 0x1130 [0288.026] GetCurrentThreadId () returned 0x1130 [0288.026] GetCurrentThreadId () returned 0x1130 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.026] SetLastError (dwErrCode=0x0) [0288.026] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320") returned 0xca [0288.026] GetLastError () returned 0x0 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.026] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.027] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0288.027] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].wannacash ncov v310320")) returned 0x2020 [0288.027] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1131].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0288.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.027] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.028] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.028] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3") returned 197 [0288.028] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.028] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3") returned 197 [0288.028] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.028] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lp8zHqy+JhXEVKasdtc1uRYgTTx2gv/A5VHXbYtCPRfxnGu74282lFFO+KqeegtNHBHH/4YfABoL32YQXtJe+RzBh/ERZzXnthpdeIXvLDhAwbkF4QKfs0yGCR7nF1AEh1+1GN4Es9xfTVQOqVK7XXMT3ocWVC5TgZHnxSTNyIU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.028] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.029] CloseHandle (hObject=0x404) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.029] SetLastError (dwErrCode=0x0) [0288.029] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x8b [0288.029] GetLastError () returned 0x0 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=8) returned 1 [0288.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat", cchCount2=4) returned 1 [0288.029] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi")) returned 0x2016 [0288.029] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0 [0288.030] GetLastError () returned 0x2 [0288.030] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\AC\\INetHistory\\BackgroundTransferApi\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\ac\\inethistory\\backgroundtransferapi\\container.dat")) returned 0xffffffff [0288.030] SetLastError (dwErrCode=0x2) [0288.030] GetLastError () returned 0x2 [0288.030] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.030] LocalFree (hMem=0x92fe20) returned 0x0 [0288.030] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.030] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.030] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.032] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38293840791) returned 1 [0288.032] GetCurrentThreadId () returned 0x1130 [0288.032] GetCurrentThreadId () returned 0x1130 [0288.032] GetCurrentThreadId () returned 0x1130 [0288.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.032] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.033] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="`Ggb`f^vOâ\x84\x96GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plrâ\x84\x96(7oGR", lpUsedDefaultChar=0x0) returned 51 [0288.033] GetCurrentThreadId () returned 0x1130 [0288.033] GetCurrentThreadId () returned 0x1130 [0288.033] GetCurrentThreadId () returned 0x1130 [0288.033] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.033] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] GetCurrentThreadId () returned 0x1130 [0288.034] malloc (_Size=0x64) returned 0x1d1338 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] GetCurrentThreadId () returned 0x1130 [0288.035] free (_Block=0x1d1338) [0288.035] malloc (_Size=0x60) returned 0x1d1338 [0288.035] free (_Block=0x1d1338) [0288.035] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.035] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4000 [0288.035] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.035] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.035] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4000 [0288.036] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.036] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x4000, lpOverlapped=0x0) returned 1 [0288.038] malloc (_Size=0x8c) returned 0x1d1338 [0288.039] malloc (_Size=0xfc) returned 0x31d7f18 [0288.039] malloc (_Size=0x40) returned 0x1d14e8 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.039] malloc (_Size=0x40) returned 0x1d7470 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.039] GetCurrentThreadId () returned 0x1130 [0288.040] GetCurrentThreadId () returned 0x1130 [0288.040] GetCurrentThreadId () returned 0x1130 [0288.040] GetCurrentThreadId () returned 0x1130 [0288.040] malloc (_Size=0xc) returned 0x31e1d18 [0288.040] malloc (_Size=0x720) returned 0x31d2860 [0288.040] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.040] free (_Block=0x31d2860) [0288.040] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.040] free (_Block=0x1d9aa8) [0288.040] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.040] free (_Block=0x1da8f0) [0288.040] malloc (_Size=0x3274) returned 0x3a60048 [0288.040] free (_Block=0x1dbea8) [0288.040] malloc (_Size=0x4820) returned 0x1d9aa8 [0288.040] free (_Block=0x3a60048) [0288.041] malloc (_Size=0x64e4) returned 0x3a60048 [0288.041] free (_Block=0x1d9aa8) [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] GetCurrentThreadId () returned 0x1130 [0288.041] free (_Block=0x31e40b0) [0288.042] free (_Block=0x1d14e8) [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] GetCurrentThreadId () returned 0x1130 [0288.042] free (_Block=0x3a60048) [0288.043] free (_Block=0x31e1d18) [0288.043] free (_Block=0x1d7470) [0288.043] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be808*, nNumberOfBytesToWrite=0x56d6, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be808*, lpNumberOfBytesWritten=0x19fbbc*=0x56d6, lpOverlapped=0x0) returned 1 [0288.045] free (_Block=0x31d7f18) [0288.045] free (_Block=0x1d1338) [0288.045] CloseHandle (hObject=0x2b4) returned 1 [0288.045] CloseHandle (hObject=0x404) returned 1 [0288.045] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.045] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.045] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.045] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.046] SetLastError (dwErrCode=0x0) [0288.046] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x6e [0288.046] GetLastError () returned 0x0 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.046] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.046] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.046] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.048] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x6)) [0288.048] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.048] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.049] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.049] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.049] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.049] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.049] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.049] CloseHandle (hObject=0x404) returned 1 [0288.049] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0288.049] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR]", cchWideChar=73, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0288.049] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[`Ggb`f^vO№GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr№(7oGR]", cchWideChar=73, lpMultiByteStr=0x252c708, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[`Ggb`f^vO?GnwsoR5R.Q:xK$w4!1ZwbiPa!OQ>plr?(7oGR]", lpUsedDefaultChar=0x0) returned 73 [0288.056] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.056] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls=") returned 172 [0288.057] GetCurrentThreadId () returned 0x1130 [0288.057] GetCurrentThreadId () returned 0x1130 [0288.057] GetCurrentThreadId () returned 0x1130 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.057] SetLastError (dwErrCode=0x0) [0288.057] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320") returned 0xae [0288.057] GetLastError () returned 0x0 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.057] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.057] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.057] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].wannacash ncov v310320")) returned 0x20 [0288.058] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1132].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x56d6 [0288.058] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.058] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.058] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.058] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.059] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.059] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.059] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3") returned 197 [0288.059] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.059] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3") returned 197 [0288.059] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x56d6 [0288.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.059] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fR0XaA5MrHlTRPUtTnLtN3ThwiWvGTT97jok28EBPCal9uNv2vch8biEYfzn05UDCYslJABU+lhhT0RC0iRZAXoAEwYsimi0ZFKNgyR+Pc/Tf8C6BRoIB8CL9s9QSjQWpBesnoUaXQTFEBauX0/tml3Yz3tachjIwQ20NTCHhls= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.059] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.059] CloseHandle (hObject=0x404) returned 1 [0288.059] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.059] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.059] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.060] SetLastError (dwErrCode=0x0) [0288.060] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x6e [0288.060] GetLastError () returned 0x0 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.060] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.060] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.060] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.060] GetLastError () returned 0x2 [0288.060] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.060] SetLastError (dwErrCode=0x2) [0288.060] GetLastError () returned 0x2 [0288.060] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.060] LocalFree (hMem=0x92fe20) returned 0x0 [0288.061] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.061] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.062] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.063] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38296909335) returned 1 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0288.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0288.063] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU", cchWideChar=36, lpMultiByteStr=0x250f7e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpUAøP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] GetCurrentThreadId () returned 0x1130 [0288.063] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.064] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.123] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] malloc (_Size=0x64) returned 0x1d1338 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] GetCurrentThreadId () returned 0x1130 [0288.124] free (_Block=0x1d1338) [0288.124] malloc (_Size=0x60) returned 0x1d1338 [0288.124] free (_Block=0x1d1338) [0288.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.124] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.125] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.125] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.127] malloc (_Size=0x8c) returned 0x1d1338 [0288.127] malloc (_Size=0xfc) returned 0x31d79f0 [0288.127] malloc (_Size=0x40) returned 0x1d14e8 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.127] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.128] malloc (_Size=0x40) returned 0x1d7470 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] GetCurrentThreadId () returned 0x1130 [0288.128] malloc (_Size=0xc) returned 0x31e1d18 [0288.128] malloc (_Size=0x720) returned 0x31d2860 [0288.128] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.129] free (_Block=0x31d2860) [0288.129] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.129] free (_Block=0x1d9aa8) [0288.129] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.129] free (_Block=0x1da8f0) [0288.129] malloc (_Size=0x3274) returned 0x3a60048 [0288.135] free (_Block=0x1dbea8) [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.135] GetCurrentThreadId () returned 0x1130 [0288.136] free (_Block=0x31e40b0) [0288.136] free (_Block=0x1d14e8) [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] GetCurrentThreadId () returned 0x1130 [0288.136] free (_Block=0x3a60048) [0288.137] free (_Block=0x31e1d18) [0288.137] free (_Block=0x1d7470) [0288.137] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.139] free (_Block=0x31d79f0) [0288.139] free (_Block=0x1d1338) [0288.139] CloseHandle (hObject=0x2b4) returned 1 [0288.139] CloseHandle (hObject=0x404) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.139] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.139] SetLastError (dwErrCode=0x0) [0288.140] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x67 [0288.140] GetLastError () returned 0x0 [0288.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.140] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.140] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.140] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.142] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x64)) [0288.142] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.142] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.142] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.142] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.142] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.143] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.143] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.143] CloseHandle (hObject=0x404) returned 1 [0288.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0288.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU]", cchWideChar=62, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0288.143] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU]", cchWideChar=62, lpMultiByteStr=0x2541d28, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[C_:M+&ljH.Qk4SwLdb@__\\Fn-\"6@7;o1>RpU];", lpUsedDefaultChar=0x0) returned 62 [0288.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.152] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc=") returned 172 [0288.152] GetCurrentThreadId () returned 0x1130 [0288.152] GetCurrentThreadId () returned 0x1130 [0288.152] GetCurrentThreadId () returned 0x1130 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.152] SetLastError (dwErrCode=0x0) [0288.152] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320") returned 0xa7 [0288.152] GetLastError () returned 0x0 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.153] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.153] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.153] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].wannacash ncov v310320")) returned 0x20 [0288.153] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1133].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.153] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.153] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.153] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.153] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.154] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.154] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.154] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3") returned 197 [0288.154] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.154] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3") returned 197 [0288.154] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.154] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:eW6UJqrk31crRGKCsx3eY446gY1QBVUMUXnV+P6ZxdiAUt7QGf8uOaMX+LbkWDjHlGSz2vwQw+NkcqQktbPr4nnJel4ZOT3IBFEPhjrDAAuXIU1Zoiz8EyuIcxsCuluvUjO1jCHSyULaEUXqNJv75z1siC+qLqkV6tOukMlMEDc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.154] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.155] CloseHandle (hObject=0x404) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.155] SetLastError (dwErrCode=0x0) [0288.155] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x67 [0288.155] GetLastError () returned 0x0 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.155] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.155] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.155] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.156] GetLastError () returned 0x2 [0288.156] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsfeedbackhub_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.156] SetLastError (dwErrCode=0x2) [0288.156] GetLastError () returned 0x2 [0288.156] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.156] LocalFree (hMem=0x92fe20) returned 0x0 [0288.156] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.156] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.156] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.158] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38306448705) returned 1 [0288.158] GetCurrentThreadId () returned 0x1130 [0288.158] GetCurrentThreadId () returned 0x1130 [0288.158] GetCurrentThreadId () returned 0x1130 [0288.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9pn+X}8.!{SfS?|{\"%~p(1dB/", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0288.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9pn+X}8.!{SfS?|{\"%~p(1dB/", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0288.159] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9pn+X}8.!{SfS?|{\"%~p(1dB/", cchWideChar=25, lpMultiByteStr=0x2508ee8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9pn+X}8.!{SfS?|{\"%~p(1dB/", lpUsedDefaultChar=0x0) returned 25 [0288.159] GetCurrentThreadId () returned 0x1130 [0288.159] GetCurrentThreadId () returned 0x1130 [0288.159] GetCurrentThreadId () returned 0x1130 [0288.159] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.159] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.160] GetCurrentThreadId () returned 0x1130 [0288.161] GetCurrentThreadId () returned 0x1130 [0288.161] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] malloc (_Size=0x64) returned 0x1d1338 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] GetCurrentThreadId () returned 0x1130 [0288.163] free (_Block=0x1d1338) [0288.163] malloc (_Size=0x60) returned 0x1d1338 [0288.163] free (_Block=0x1d1338) [0288.163] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.164] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.164] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.166] malloc (_Size=0x8c) returned 0x1d1338 [0288.166] malloc (_Size=0xfc) returned 0x31d7af8 [0288.166] malloc (_Size=0x40) returned 0x1d14e8 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.166] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.167] malloc (_Size=0x40) returned 0x1d7470 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] GetCurrentThreadId () returned 0x1130 [0288.167] malloc (_Size=0xc) returned 0x31e1e80 [0288.167] malloc (_Size=0x720) returned 0x31d2860 [0288.167] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.168] free (_Block=0x31d2860) [0288.168] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.168] free (_Block=0x1d9aa8) [0288.168] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.168] free (_Block=0x1da8f0) [0288.168] malloc (_Size=0x3274) returned 0x3a60048 [0288.169] free (_Block=0x1dbea8) [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] GetCurrentThreadId () returned 0x1130 [0288.169] free (_Block=0x31e40b0) [0288.169] free (_Block=0x1d14e8) [0288.169] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] GetCurrentThreadId () returned 0x1130 [0288.170] free (_Block=0x3a60048) [0288.170] free (_Block=0x31e1e80) [0288.170] free (_Block=0x1d7470) [0288.170] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.172] free (_Block=0x31d7af8) [0288.172] free (_Block=0x1d1338) [0288.172] CloseHandle (hObject=0x2b4) returned 1 [0288.172] CloseHandle (hObject=0x404) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.173] SetLastError (dwErrCode=0x0) [0288.173] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x60 [0288.173] GetLastError () returned 0x0 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.173] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.173] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.173] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.176] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x83)) [0288.176] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.176] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.176] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.176] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.176] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.176] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.176] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.176] CloseHandle (hObject=0x404) returned 1 [0288.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9pn+X}8.!{SfS?|{\"%~p(1dB/]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.176] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9pn+X}8.!{SfS?|{\"%~p(1dB/]", cchWideChar=51, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.177] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[9pn+X}8.!{SfS?|{\"%~p(1dB/]", cchWideChar=51, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[9pn+X}8.!{SfS?|{\"%~p(1dB/]", lpUsedDefaultChar=0x0) returned 51 [0288.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.185] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY=") returned 172 [0288.185] GetCurrentThreadId () returned 0x1130 [0288.185] GetCurrentThreadId () returned 0x1130 [0288.185] GetCurrentThreadId () returned 0x1130 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.185] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.185] SetLastError (dwErrCode=0x0) [0288.185] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320") returned 0xa0 [0288.185] GetLastError () returned 0x0 [0288.186] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.186] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.186] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.186] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.186] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.186] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].wannacash ncov v310320")) returned 0x20 [0288.186] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1134].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.186] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.186] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.186] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.187] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.187] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.187] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.187] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3") returned 197 [0288.187] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.187] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3") returned 197 [0288.187] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.187] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:P/TKPxUWY1kpih6EieAHKNSlsE3ao6NxFuYPvVwPdkJu9RzKwiSAfytlHlhtMtzxE7yWlApy1jOMFdXoWsVSah0di4eqnSWLC1yUMTpFkGMshkeY5w8LfrFPGmY07PePfcZ01muEJo3+KSTPyekuH74U22o/TxKUB4u+8KKICDY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.187] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.188] CloseHandle (hObject=0x404) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.188] SetLastError (dwErrCode=0x0) [0288.188] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x60 [0288.188] GetLastError () returned 0x0 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.189] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.189] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.189] GetLastError () returned 0x2 [0288.189] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.189] SetLastError (dwErrCode=0x2) [0288.189] GetLastError () returned 0x2 [0288.189] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.189] LocalFree (hMem=0x92fe20) returned 0x0 [0288.189] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.189] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.190] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.191] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38309766666) returned 1 [0288.192] GetCurrentThreadId () returned 0x1130 [0288.192] GetCurrentThreadId () returned 0x1130 [0288.192] GetCurrentThreadId () returned 0x1130 [0288.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0288.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0288.192] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){", lpUsedDefaultChar=0x0) returned 42 [0288.193] GetCurrentThreadId () returned 0x1130 [0288.193] GetCurrentThreadId () returned 0x1130 [0288.193] GetCurrentThreadId () returned 0x1130 [0288.193] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.193] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] GetCurrentThreadId () returned 0x1130 [0288.195] malloc (_Size=0x64) returned 0x1d1338 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] GetCurrentThreadId () returned 0x1130 [0288.196] free (_Block=0x1d1338) [0288.196] malloc (_Size=0x60) returned 0x1d1338 [0288.196] free (_Block=0x1d1338) [0288.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.196] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.197] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.197] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.197] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.199] malloc (_Size=0x8c) returned 0x1d1338 [0288.199] malloc (_Size=0xfc) returned 0x31d73c0 [0288.199] malloc (_Size=0x40) returned 0x1d14e8 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.199] malloc (_Size=0x40) returned 0x1d7470 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.199] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] GetCurrentThreadId () returned 0x1130 [0288.200] malloc (_Size=0xc) returned 0x31e1d18 [0288.200] malloc (_Size=0x720) returned 0x31d2860 [0288.200] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.200] free (_Block=0x31d2860) [0288.200] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.200] free (_Block=0x1d9aa8) [0288.200] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.200] free (_Block=0x1da8f0) [0288.201] malloc (_Size=0x3274) returned 0x3a60048 [0288.201] free (_Block=0x1dbea8) [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] free (_Block=0x31e40b0) [0288.201] free (_Block=0x1d14e8) [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.201] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] GetCurrentThreadId () returned 0x1130 [0288.202] free (_Block=0x3a60048) [0288.202] free (_Block=0x31e1d18) [0288.202] free (_Block=0x1d7470) [0288.202] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.204] free (_Block=0x31d73c0) [0288.204] free (_Block=0x1d1338) [0288.204] CloseHandle (hObject=0x2b4) returned 1 [0288.205] CloseHandle (hObject=0x404) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.205] SetLastError (dwErrCode=0x0) [0288.205] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x61 [0288.205] GetLastError () returned 0x0 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.205] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.205] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.206] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.208] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0xb2)) [0288.209] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.209] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.209] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.209] CloseHandle (hObject=0x404) returned 1 [0288.209] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0288.209] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0288.209] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){]", cchWideChar=68, lpMultiByteStr=0x2541d28, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[T){!R9ur\"{w_ubv%Z|yhI}\\}1/J%`tE*>G:zYp@d){]1\x1cT\x02\x01", lpUsedDefaultChar=0x0) returned 68 [0288.218] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.218] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI=") returned 172 [0288.218] GetCurrentThreadId () returned 0x1130 [0288.218] GetCurrentThreadId () returned 0x1130 [0288.218] GetCurrentThreadId () returned 0x1130 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.218] SetLastError (dwErrCode=0x0) [0288.218] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320") returned 0xa1 [0288.218] GetLastError () returned 0x0 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.218] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.219] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.219] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].wannacash ncov v310320")) returned 0x20 [0288.219] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1135].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.219] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.219] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.220] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.220] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3") returned 197 [0288.220] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.220] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3") returned 197 [0288.220] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.220] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:1UUn37/CAHfj/H93DLHrnlJ53xgXfogunn9AGTBk3yrFh4SCd1YlsQ9kSc1b8vsktzakCeFaW1WDlTiEs7kQup/GI/xBok2IYCcQKEXOMDzpk7Tt6pEYSPmvrtmn6lmvUIpcMAlNB+uA1a1H9DGYtUDtw40lE5h0U7tPrcRohkI= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.220] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.220] CloseHandle (hObject=0x404) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.221] SetLastError (dwErrCode=0x0) [0288.221] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x61 [0288.221] GetLastError () returned 0x0 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.221] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.221] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.221] GetLastError () returned 0x2 [0288.221] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.221] SetLastError (dwErrCode=0x2) [0288.221] GetLastError () returned 0x2 [0288.221] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.221] LocalFree (hMem=0x92fe20) returned 0x0 [0288.221] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.222] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.222] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.260] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38316601604) returned 1 [0288.260] GetCurrentThreadId () returned 0x1130 [0288.260] GetCurrentThreadId () returned 0x1130 [0288.260] GetCurrentThreadId () returned 0x1130 [0288.260] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0288.261] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w", cchWideChar=46, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0288.261] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w", cchWideChar=46, lpMultiByteStr=0x25337d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w", lpUsedDefaultChar=0x0) returned 46 [0288.261] GetCurrentThreadId () returned 0x1130 [0288.261] GetCurrentThreadId () returned 0x1130 [0288.261] GetCurrentThreadId () returned 0x1130 [0288.261] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.261] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] malloc (_Size=0x64) returned 0x1d1338 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.264] GetCurrentThreadId () returned 0x1130 [0288.265] GetCurrentThreadId () returned 0x1130 [0288.265] free (_Block=0x1d1338) [0288.265] malloc (_Size=0x60) returned 0x1d1338 [0288.265] free (_Block=0x1d1338) [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.265] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.265] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.269] malloc (_Size=0x8c) returned 0x1d1338 [0288.269] malloc (_Size=0xfc) returned 0x31d77e0 [0288.269] malloc (_Size=0x40) returned 0x1d14e8 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] GetCurrentThreadId () returned 0x1130 [0288.269] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.270] malloc (_Size=0x40) returned 0x1d7470 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] GetCurrentThreadId () returned 0x1130 [0288.270] malloc (_Size=0xc) returned 0x31e1e20 [0288.271] malloc (_Size=0x720) returned 0x31d2860 [0288.271] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.271] free (_Block=0x31d2860) [0288.271] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.271] free (_Block=0x1d9aa8) [0288.271] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.271] free (_Block=0x1da8f0) [0288.271] malloc (_Size=0x3274) returned 0x3a60048 [0288.271] free (_Block=0x1dbea8) [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.271] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] free (_Block=0x31e40b0) [0288.272] free (_Block=0x1d14e8) [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.272] GetCurrentThreadId () returned 0x1130 [0288.273] GetCurrentThreadId () returned 0x1130 [0288.273] GetCurrentThreadId () returned 0x1130 [0288.273] GetCurrentThreadId () returned 0x1130 [0288.273] free (_Block=0x3a60048) [0288.273] free (_Block=0x31e1e20) [0288.273] free (_Block=0x1d7470) [0288.273] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.275] free (_Block=0x31d77e0) [0288.275] free (_Block=0x1d1338) [0288.275] CloseHandle (hObject=0x2b4) returned 1 [0288.276] CloseHandle (hObject=0x404) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.276] SetLastError (dwErrCode=0x0) [0288.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x69 [0288.276] GetLastError () returned 0x0 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.276] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.276] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.277] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.279] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0xf1)) [0288.279] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.279] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.279] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.280] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.280] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.280] CloseHandle (hObject=0x404) returned 1 [0288.280] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0288.280] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0288.280] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w]", cchWideChar=72, lpMultiByteStr=0x252c708, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[l-di$3GmM?Mf&}Jp}#Iex*UWBx|EYwstZcXf,>TTK/u5}w]", lpUsedDefaultChar=0x0) returned 72 [0288.289] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.289] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY=") returned 172 [0288.289] GetCurrentThreadId () returned 0x1130 [0288.289] GetCurrentThreadId () returned 0x1130 [0288.289] GetCurrentThreadId () returned 0x1130 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.289] SetLastError (dwErrCode=0x0) [0288.289] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320") returned 0xa9 [0288.289] GetLastError () returned 0x0 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.289] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.289] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.290] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].wannacash ncov v310320")) returned 0x20 [0288.290] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1136].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.290] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.290] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.290] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.290] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.290] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3") returned 197 [0288.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.291] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3") returned 197 [0288.291] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.291] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:7h+UgH5tBDiwdRJsg5AqnJG3C3sU5OulJ89AgawykldVRYtyHdWVtR5Ss4mmjKO2QVJx4Rt0qCQZ8ycQQv3z5nMMBWvxOq5fnrdtNYca7Mrar0lY5Yy1QjfayOMJteB0E1Gk7WGkOJewNykqEnTcont++F8/QozRtf+QEVDNGUY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.291] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.291] CloseHandle (hObject=0x404) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.291] SetLastError (dwErrCode=0x0) [0288.291] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x69 [0288.291] GetLastError () returned 0x0 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.291] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.291] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.292] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.292] GetLastError () returned 0x2 [0288.292] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.292] SetLastError (dwErrCode=0x2) [0288.292] GetLastError () returned 0x2 [0288.292] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.292] LocalFree (hMem=0x92fe20) returned 0x0 [0288.292] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.292] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.292] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\container.dat")) returned 0x2026 [0288.293] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38319959283) returned 1 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0288.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0288.294] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<", cchWideChar=33, lpMultiByteStr=0x250f7e8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aâ\x84\x96nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<", lpUsedDefaultChar=0x0) returned 35 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] GetCurrentThreadId () returned 0x1130 [0288.294] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.294] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] malloc (_Size=0x64) returned 0x1d1338 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.298] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] free (_Block=0x1d1338) [0288.299] malloc (_Size=0x60) returned 0x1d1338 [0288.299] free (_Block=0x1d1338) [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.299] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0288.299] malloc (_Size=0x8c) returned 0x1d1338 [0288.299] malloc (_Size=0xfc) returned 0x31d77e0 [0288.299] malloc (_Size=0x40) returned 0x1d14e8 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.299] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.300] malloc (_Size=0x40) returned 0x1d7470 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] malloc (_Size=0xc) returned 0x31e1df0 [0288.300] malloc (_Size=0x40) returned 0x1d74b8 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.300] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] free (_Block=0x31e40b0) [0288.301] free (_Block=0x1d14e8) [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] GetCurrentThreadId () returned 0x1130 [0288.301] free (_Block=0x1d74b8) [0288.301] free (_Block=0x31e1df0) [0288.301] free (_Block=0x1d7470) [0288.301] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0288.303] free (_Block=0x31d77e0) [0288.303] free (_Block=0x1d1338) [0288.303] CloseHandle (hObject=0x2b4) returned 1 [0288.304] CloseHandle (hObject=0x404) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.304] SetLastError (dwErrCode=0x0) [0288.304] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x66 [0288.304] GetLastError () returned 0x0 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.304] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.304] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache")) returned 0x2016 [0288.304] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\container.dat")) returned 1 [0288.305] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x111)) [0288.306] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.306] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.306] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.306] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.306] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.306] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.306] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.306] CloseHandle (hObject=0x404) returned 1 [0288.306] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0288.306] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<]", cchWideChar=60, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 60 [0288.306] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[A№nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<]", cchWideChar=60, lpMultiByteStr=0x2516968, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[A?nl9,b!sxYbZoU5$=5lZyoG<-2y&5al<]pfQ\x02%@", lpUsedDefaultChar=0x0) returned 60 [0288.312] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.312] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0=") returned 172 [0288.312] GetCurrentThreadId () returned 0x1130 [0288.312] GetCurrentThreadId () returned 0x1130 [0288.312] GetCurrentThreadId () returned 0x1130 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.312] SetLastError (dwErrCode=0x0) [0288.312] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320") returned 0xa5 [0288.312] GetLastError () returned 0x0 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.312] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.313] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.313] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache")) returned 0x2016 [0288.313] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].wannacash ncov v310320")) returned 0x2020 [0288.313] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1137].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.313] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.313] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.313] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0288.313] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.313] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.313] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.313] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.313] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.313] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.314] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.314] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.314] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3") returned 197 [0288.314] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.314] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3") returned 197 [0288.314] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0288.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.314] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ehYaJIb02m1rKZakZEQJTeVCYTtRrJyKoURSjH35egUoUTroCerfsCFr9d1xoViAdvFBLHtKM5oLjueG0nFS+RzZsrkfu/Sl6iGmcQetd8UiSVXe07n4TalMMh2pKdwUiaL5BKapYQAEFtodbHEuoqcPKvOQQNi1ZXY0DVU7FQ0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.314] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.314] CloseHandle (hObject=0x404) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.315] SetLastError (dwErrCode=0x0) [0288.315] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x66 [0288.315] GetLastError () returned 0x0 [0288.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=8) returned 1 [0288.315] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat", cchCount2=4) returned 1 [0288.315] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache")) returned 0x2016 [0288.315] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\container.dat")) returned 0 [0288.315] GetLastError () returned 0x2 [0288.315] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCache\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcache\\container.dat")) returned 0xffffffff [0288.315] SetLastError (dwErrCode=0x2) [0288.315] GetLastError () returned 0x2 [0288.315] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.315] LocalFree (hMem=0x92fe20) returned 0x0 [0288.315] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.316] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.316] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\container.dat")) returned 0x2026 [0288.316] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38322241817) returned 1 [0288.316] GetCurrentThreadId () returned 0x1130 [0288.316] GetCurrentThreadId () returned 0x1130 [0288.316] GetCurrentThreadId () returned 0x1130 [0288.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0288.316] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw", cchWideChar=37, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0288.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw", cchWideChar=37, lpMultiByteStr=0x2524fd0, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw", lpUsedDefaultChar=0x0) returned 37 [0288.317] GetCurrentThreadId () returned 0x1130 [0288.317] GetCurrentThreadId () returned 0x1130 [0288.317] GetCurrentThreadId () returned 0x1130 [0288.317] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\container.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.317] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] malloc (_Size=0x64) returned 0x1d1338 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.320] GetCurrentThreadId () returned 0x1130 [0288.321] GetCurrentThreadId () returned 0x1130 [0288.321] free (_Block=0x1d1338) [0288.321] malloc (_Size=0x60) returned 0x1d1338 [0288.321] free (_Block=0x1d1338) [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.321] ReadFile (in: hFile=0x404, lpBuffer=0x0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x0*, lpNumberOfBytesRead=0x19fbc8*=0x0, lpOverlapped=0x0) returned 1 [0288.321] malloc (_Size=0x8c) returned 0x1d1338 [0288.321] malloc (_Size=0xfc) returned 0x31d78e8 [0288.321] malloc (_Size=0x40) returned 0x1d14e8 [0288.321] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.322] malloc (_Size=0x40) returned 0x1d7470 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] GetCurrentThreadId () returned 0x1130 [0288.322] malloc (_Size=0xc) returned 0x31e1df0 [0288.322] malloc (_Size=0x40) returned 0x1d74b8 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] free (_Block=0x31e40b0) [0288.323] free (_Block=0x1d14e8) [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.323] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] GetCurrentThreadId () returned 0x1130 [0288.324] free (_Block=0x1d74b8) [0288.324] free (_Block=0x31e1df0) [0288.324] free (_Block=0x1d7470) [0288.324] WriteFile (in: hFile=0x2b4, lpBuffer=0x25337d8*, nNumberOfBytesToWrite=0x2d, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x25337d8*, lpNumberOfBytesWritten=0x19fbbc*=0x2d, lpOverlapped=0x0) returned 1 [0288.326] free (_Block=0x31d78e8) [0288.326] free (_Block=0x1d1338) [0288.326] CloseHandle (hObject=0x2b4) returned 1 [0288.326] CloseHandle (hObject=0x404) returned 1 [0288.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.326] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.327] SetLastError (dwErrCode=0x0) [0288.327] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", lpFilePart=0x19f9f8*="container.dat") returned 0x68 [0288.327] GetLastError () returned 0x0 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.327] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.327] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies")) returned 0x2016 [0288.327] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\container.dat")) returned 1 [0288.328] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x120)) [0288.328] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.328] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.329] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.329] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.329] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.329] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.329] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.329] CloseHandle (hObject=0x404) returned 1 [0288.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0288.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0288.329] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[container.dat]omgp:[t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw]", cchWideChar=64, lpMultiByteStr=0x2541d28, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[container.dat]omgp:[t7:(Njw:Y&Mxj!GxaJDq6|nIc`pzbmX\"K>rdw]X", lpUsedDefaultChar=0x0) returned 64 [0288.337] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.337] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o=") returned 172 [0288.337] GetCurrentThreadId () returned 0x1130 [0288.337] GetCurrentThreadId () returned 0x1130 [0288.337] GetCurrentThreadId () returned 0x1130 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.337] SetLastError (dwErrCode=0x0) [0288.337] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320") returned 0xa7 [0288.337] GetLastError () returned 0x0 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.337] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.337] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies")) returned 0x2016 [0288.338] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].wannacash ncov v310320")) returned 0x2020 [0288.338] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1138].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.338] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.338] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.338] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d [0288.338] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.338] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.338] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.338] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.339] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.339] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.339] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3") returned 197 [0288.339] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.339] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3") returned 197 [0288.339] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d [0288.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.339] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:fQnh56tUPUcV1+zdCGpIDkIQMrxPqNMeG8lJkprtaHvB0h1Lnsm2fzxL+2MDI6DCr3vVhOAruRl+zQhHAd8ymNvcQvpNOWMJWj4N5NQf9ZusQhvQA0Uw+gFP3RdmBh/O2E/2S1dqVly6zY1wC+UbCFtNU3U6sSHvrAUDlhwi40o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.339] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.339] CloseHandle (hObject=0x404) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.339] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.340] SetLastError (dwErrCode=0x0) [0288.340] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", lpFilePart=0x19fa34*="container.dat") returned 0x68 [0288.340] GetLastError () returned 0x0 [0288.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=8) returned 1 [0288.340] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat", cchCount2=4) returned 1 [0288.340] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies")) returned 0x2016 [0288.340] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\container.dat")) returned 0 [0288.340] GetLastError () returned 0x2 [0288.340] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\AC\\INetCookies\\container.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\ac\\inetcookies\\container.dat")) returned 0xffffffff [0288.340] SetLastError (dwErrCode=0x2) [0288.340] GetLastError () returned 0x2 [0288.340] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.340] LocalFree (hMem=0x92fe20) returned 0x0 [0288.340] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.340] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.341] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.342] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38324823872) returned 1 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0288.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0288.342] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_", cchWideChar=32, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_", lpUsedDefaultChar=0x0) returned 32 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] GetCurrentThreadId () returned 0x1130 [0288.342] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.343] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] GetCurrentThreadId () returned 0x1130 [0288.344] malloc (_Size=0x64) returned 0x1d1338 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] GetCurrentThreadId () returned 0x1130 [0288.345] free (_Block=0x1d1338) [0288.345] malloc (_Size=0x60) returned 0x1d1338 [0288.345] free (_Block=0x1d1338) [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4000 [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4000 [0288.345] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.345] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x4000, lpOverlapped=0x0) returned 1 [0288.347] malloc (_Size=0x8c) returned 0x1d1338 [0288.347] malloc (_Size=0xfc) returned 0x31d71b0 [0288.347] malloc (_Size=0x40) returned 0x1d14e8 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] GetCurrentThreadId () returned 0x1130 [0288.347] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.348] malloc (_Size=0x40) returned 0x1d7470 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] GetCurrentThreadId () returned 0x1130 [0288.348] malloc (_Size=0xc) returned 0x31e1dc0 [0288.348] malloc (_Size=0x720) returned 0x31d2860 [0288.348] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.349] free (_Block=0x31d2860) [0288.349] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.349] free (_Block=0x1d9aa8) [0288.349] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.349] free (_Block=0x1da8f0) [0288.349] malloc (_Size=0x3274) returned 0x3a60048 [0288.349] free (_Block=0x1dbea8) [0288.349] malloc (_Size=0x4820) returned 0x1d9aa8 [0288.349] free (_Block=0x3a60048) [0288.349] malloc (_Size=0x64e4) returned 0x3a60048 [0288.349] free (_Block=0x1d9aa8) [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] free (_Block=0x31e40b0) [0288.350] free (_Block=0x1d14e8) [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.350] GetCurrentThreadId () returned 0x1130 [0288.351] GetCurrentThreadId () returned 0x1130 [0288.351] GetCurrentThreadId () returned 0x1130 [0288.351] GetCurrentThreadId () returned 0x1130 [0288.351] free (_Block=0x3a60048) [0288.351] free (_Block=0x31e1dc0) [0288.351] free (_Block=0x1d7470) [0288.351] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be808*, nNumberOfBytesToWrite=0x56d6, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be808*, lpNumberOfBytesWritten=0x19fbbc*=0x56d6, lpOverlapped=0x0) returned 1 [0288.352] free (_Block=0x31d71b0) [0288.352] free (_Block=0x1d1338) [0288.352] CloseHandle (hObject=0x2b4) returned 1 [0288.353] CloseHandle (hObject=0x404) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.353] SetLastError (dwErrCode=0x0) [0288.353] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x61 [0288.353] GetLastError () returned 0x0 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.353] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.353] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.353] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.355] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x13f)) [0288.355] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.355] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.355] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.356] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.356] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.356] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.356] CloseHandle (hObject=0x404) returned 1 [0288.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0288.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_]", cchWideChar=58, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 58 [0288.356] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_]", cchWideChar=58, lpMultiByteStr=0x25169b0, cbMultiByte=58, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[6kAd/i.}s$|Vrx?wvR=|`pxC~nwYcKY_]", lpUsedDefaultChar=0x0) returned 58 [0288.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.362] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE=") returned 172 [0288.362] GetCurrentThreadId () returned 0x1130 [0288.362] GetCurrentThreadId () returned 0x1130 [0288.362] GetCurrentThreadId () returned 0x1130 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.362] SetLastError (dwErrCode=0x0) [0288.362] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320") returned 0xa1 [0288.362] GetLastError () returned 0x0 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.362] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.362] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.363] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].wannacash ncov v310320")) returned 0x20 [0288.363] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1139].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x56d6 [0288.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.363] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.363] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.363] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.363] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.363] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3") returned 197 [0288.363] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.363] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3") returned 197 [0288.363] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x56d6 [0288.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.364] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:t0z6b+Ek2oUIzI6HS37NSFNpSOxFhX+p5WPg7LvLHjuVYVAR8az/BFuqOuftfGuv8DxHzVJfauT6BzpS3Cy/uo28eeoMvi09EVtHqQMB4P3oa6DEY58cb30/E9xJUmi8FLaCmzo9SxIXc5kKltd+nmzYsxNPLOFik+0JZvUliFE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.364] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.364] CloseHandle (hObject=0x404) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.365] SetLastError (dwErrCode=0x0) [0288.365] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x61 [0288.365] GetLastError () returned 0x0 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.365] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.365] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.365] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.365] GetLastError () returned 0x2 [0288.365] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.365] SetLastError (dwErrCode=0x2) [0288.365] GetLastError () returned 0x2 [0288.365] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.365] LocalFree (hMem=0x92fe20) returned 0x0 [0288.365] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.366] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.366] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.368] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38327424617) returned 1 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0288.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0288.368] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="S:1U&T3XJQ@XnpNOzpIHâ\x84\x96ctFi6/v~%|i7`oamo_@#UqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] GetCurrentThreadId () returned 0x1130 [0288.368] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.369] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] malloc (_Size=0x64) returned 0x1d1338 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.370] GetCurrentThreadId () returned 0x1130 [0288.371] free (_Block=0x1d1338) [0288.371] malloc (_Size=0x60) returned 0x1d1338 [0288.371] free (_Block=0x1d1338) [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.371] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.371] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.373] malloc (_Size=0x8c) returned 0x1d1338 [0288.373] malloc (_Size=0xfc) returned 0x31d7af8 [0288.373] malloc (_Size=0x40) returned 0x1d14e8 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.373] malloc (_Size=0x40) returned 0x1d7470 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.373] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] GetCurrentThreadId () returned 0x1130 [0288.374] malloc (_Size=0xc) returned 0x31e1d18 [0288.374] malloc (_Size=0x720) returned 0x31d2860 [0288.374] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.374] free (_Block=0x31d2860) [0288.374] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.374] free (_Block=0x1d9aa8) [0288.374] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.375] free (_Block=0x1da8f0) [0288.375] malloc (_Size=0x3274) returned 0x3a60048 [0288.375] free (_Block=0x1dbea8) [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] free (_Block=0x31e40b0) [0288.375] free (_Block=0x1d14e8) [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.375] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] GetCurrentThreadId () returned 0x1130 [0288.376] free (_Block=0x3a60048) [0288.376] free (_Block=0x31e1d18) [0288.376] free (_Block=0x1d7470) [0288.376] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.377] free (_Block=0x31d7af8) [0288.377] free (_Block=0x1d1338) [0288.378] CloseHandle (hObject=0x2b4) returned 1 [0288.378] CloseHandle (hObject=0x404) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.378] SetLastError (dwErrCode=0x0) [0288.378] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x5c [0288.378] GetLastError () returned 0x0 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.378] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.378] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.379] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.380] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x15e)) [0288.381] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.381] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.381] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.381] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.381] CloseHandle (hObject=0x404) returned 1 [0288.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0288.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U]", cchWideChar=68, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0288.381] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[S:1U&T3XJQ@XnpNOzpIH№ctFi6/v~%|i7`oamo_@#U]", cchWideChar=68, lpMultiByteStr=0x2541d28, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[S:1U&T3XJQ@XnpNOzpIH?ctFi6/v~%|i7`oamo_@#U]1\x1cT\x02\x01", lpUsedDefaultChar=0x0) returned 68 [0288.387] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.387] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE=") returned 172 [0288.387] GetCurrentThreadId () returned 0x1130 [0288.387] GetCurrentThreadId () returned 0x1130 [0288.387] GetCurrentThreadId () returned 0x1130 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.387] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.387] SetLastError (dwErrCode=0x0) [0288.387] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320") returned 0x9c [0288.388] GetLastError () returned 0x0 [0288.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.388] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.388] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.388] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].wannacash ncov v310320")) returned 0x20 [0288.388] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1140].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.388] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.388] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.388] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.389] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.389] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3") returned 197 [0288.389] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.389] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3") returned 197 [0288.389] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.389] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:FuwhrMNzrqzBIFt9RoxB4/TybG0Q06zPLxQBlaTqQpWyvoeNtTQAFMd5fUSfxo15vYbCasQniyQ3iyIMKJ3hlEPQNXFksVhhX111zQoxsgoZrWh7Xva7IL/0NvSA6urZdJXiZUVf9PFNDkHmlUMop4uCRFBHKNkgZBXW6jQhSDE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.389] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.389] CloseHandle (hObject=0x404) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.389] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.389] SetLastError (dwErrCode=0x0) [0288.390] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x5c [0288.390] GetLastError () returned 0x0 [0288.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.390] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.390] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.390] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.390] GetLastError () returned 0x2 [0288.390] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.390] SetLastError (dwErrCode=0x2) [0288.390] GetLastError () returned 0x2 [0288.390] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.390] LocalFree (hMem=0x92fe20) returned 0x0 [0288.390] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.390] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.391] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat")) returned 0x20 [0288.392] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38329818721) returned 1 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0288.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0288.392] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7", cchWideChar=45, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7", lpUsedDefaultChar=0x0) returned 45 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] GetCurrentThreadId () returned 0x1130 [0288.392] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.393] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] malloc (_Size=0x64) returned 0x1d1338 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] GetCurrentThreadId () returned 0x1130 [0288.394] free (_Block=0x1d1338) [0288.394] malloc (_Size=0x60) returned 0x1d1338 [0288.395] free (_Block=0x1d1338) [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.395] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.395] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.397] malloc (_Size=0x8c) returned 0x1d1338 [0288.397] malloc (_Size=0xfc) returned 0x31d7af8 [0288.397] malloc (_Size=0x40) returned 0x1d14e8 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.397] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.398] malloc (_Size=0x40) returned 0x1d7470 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] GetCurrentThreadId () returned 0x1130 [0288.398] malloc (_Size=0xc) returned 0x31e1ca0 [0288.398] malloc (_Size=0x720) returned 0x31d2860 [0288.398] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.398] free (_Block=0x31d2860) [0288.398] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.398] free (_Block=0x1d9aa8) [0288.398] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.399] free (_Block=0x1da8f0) [0288.399] malloc (_Size=0x3274) returned 0x3a60048 [0288.399] free (_Block=0x1dbea8) [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] free (_Block=0x31e40b0) [0288.399] free (_Block=0x1d14e8) [0288.399] GetCurrentThreadId () returned 0x1130 [0288.399] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] GetCurrentThreadId () returned 0x1130 [0288.400] free (_Block=0x3a60048) [0288.401] free (_Block=0x31e1ca0) [0288.401] free (_Block=0x1d7470) [0288.401] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.402] free (_Block=0x31d7af8) [0288.402] free (_Block=0x1d1338) [0288.403] CloseHandle (hObject=0x2b4) returned 1 [0288.403] CloseHandle (hObject=0x404) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.403] SetLastError (dwErrCode=0x0) [0288.403] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x67 [0288.403] GetLastError () returned 0x0 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.403] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.404] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings")) returned 0x10 [0288.404] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat")) returned 1 [0288.406] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x16e)) [0288.406] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.406] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.406] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.406] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.406] CloseHandle (hObject=0x404) returned 1 [0288.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0288.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7]", cchWideChar=71, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0288.406] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7]", cchWideChar=71, lpMultiByteStr=0x252c708, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[\"VSX9\"^p.d%%j@YJ}#2nmuwt.>:/Djbd_jEjx1?):*|J7]", lpUsedDefaultChar=0x0) returned 71 [0288.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.413] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU=") returned 172 [0288.413] GetCurrentThreadId () returned 0x1130 [0288.413] GetCurrentThreadId () returned 0x1130 [0288.413] GetCurrentThreadId () returned 0x1130 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.413] SetLastError (dwErrCode=0x0) [0288.413] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320") returned 0xa7 [0288.413] GetLastError () returned 0x0 [0288.413] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.414] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.414] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings")) returned 0x10 [0288.414] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].wannacash ncov v310320")) returned 0x20 [0288.414] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1141].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.414] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.414] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.414] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3") returned 197 [0288.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.415] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3") returned 197 [0288.415] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.415] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:MGPvvn4BngpGfseoUD04dCcRyG/qUT93LIiLsMNku8LNu3YXJ+mV5p4ukwLfg4nxFdeM81pD7/oCYc6fX0N13OsGTCOf1FjgdajhnN9FZKG9sMxBrGGnpctQ96tJJQyIJGPAHAcNI2ud+BhhzpYfandHSKDDH57ARnQO1Du7rXU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.415] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.415] CloseHandle (hObject=0x404) returned 1 [0288.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.415] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.416] SetLastError (dwErrCode=0x0) [0288.416] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x67 [0288.416] GetLastError () returned 0x0 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings")) returned 0x10 [0288.416] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat")) returned 0 [0288.416] GetLastError () returned 0x2 [0288.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat")) returned 0xffffffff [0288.416] SetLastError (dwErrCode=0x2) [0288.416] GetLastError () returned 0x2 [0288.416] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.416] LocalFree (hMem=0x92fe20) returned 0x0 [0288.416] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.417] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.417] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.417] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38332313424) returned 1 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V", cchWideChar=49, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0288.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V", cchWideChar=49, lpMultiByteStr=0x25337d8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="HVN=Vx#Iyh2PE\\>(râ\x84\x96ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V", lpUsedDefaultChar=0x0) returned 51 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] GetCurrentThreadId () returned 0x1130 [0288.417] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.417] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] GetCurrentThreadId () returned 0x1130 [0288.420] malloc (_Size=0x64) returned 0x1d1338 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] GetCurrentThreadId () returned 0x1130 [0288.421] free (_Block=0x1d1338) [0288.421] malloc (_Size=0x60) returned 0x1d1338 [0288.421] free (_Block=0x1d1338) [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.421] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.421] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.423] malloc (_Size=0x8c) returned 0x1d1338 [0288.423] malloc (_Size=0xfc) returned 0x31d75d0 [0288.423] malloc (_Size=0x40) returned 0x1d14e8 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] GetCurrentThreadId () returned 0x1130 [0288.423] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.424] malloc (_Size=0x40) returned 0x1d7470 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] GetCurrentThreadId () returned 0x1130 [0288.424] malloc (_Size=0xc) returned 0x31e1ca0 [0288.424] malloc (_Size=0x720) returned 0x31d2860 [0288.424] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.424] free (_Block=0x31d2860) [0288.424] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.425] free (_Block=0x1d9aa8) [0288.425] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.425] free (_Block=0x1da8f0) [0288.425] malloc (_Size=0x3274) returned 0x3a60048 [0288.425] free (_Block=0x1dbea8) [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.425] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] free (_Block=0x31e40b0) [0288.426] free (_Block=0x1d14e8) [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.426] GetCurrentThreadId () returned 0x1130 [0288.427] free (_Block=0x3a60048) [0288.427] free (_Block=0x31e1ca0) [0288.427] free (_Block=0x1d7470) [0288.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.428] free (_Block=0x31d75d0) [0288.428] free (_Block=0x1d1338) [0288.428] CloseHandle (hObject=0x2b4) returned 1 [0288.429] CloseHandle (hObject=0x404) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.429] SetLastError (dwErrCode=0x0) [0288.429] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x64 [0288.429] GetLastError () returned 0x0 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.429] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.429] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.431] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x18d)) [0288.431] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.431] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.431] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.431] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.432] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.432] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.432] CloseHandle (hObject=0x404) returned 1 [0288.432] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0288.432] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0288.432] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[HVN=Vx#Iyh2PE\\>(r№ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V]", cchWideChar=75, lpMultiByteStr=0x252c708, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[HVN=Vx#Iyh2PE\\>(r?ltuu_fEDG1d,FeM3Ytm)Pij*^c,rE/V]", lpUsedDefaultChar=0x0) returned 75 [0288.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.438] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8=") returned 172 [0288.438] GetCurrentThreadId () returned 0x1130 [0288.438] GetCurrentThreadId () returned 0x1130 [0288.438] GetCurrentThreadId () returned 0x1130 [0288.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.438] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.439] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.439] SetLastError (dwErrCode=0x0) [0288.439] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320") returned 0xa4 [0288.439] GetLastError () returned 0x0 [0288.439] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.439] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.439] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.439] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.439] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.439] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].wannacash ncov v310320")) returned 0x20 [0288.439] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1142].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.439] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.440] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.440] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.440] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.440] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3") returned 197 [0288.440] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.440] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3") returned 197 [0288.440] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.440] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Lh8BELSGKWxaz8caCjqvS0QSaBtyCm/NuNdMrrA1WeUSJMNGWweC0BODXtR7vWQYxsA6F676KSQDX/kdDibvLom1n9GtSfFOtQuJbJ1z/5tlcrsIx9bSDXYxE0GYjJSabQ0IYIqsqVgqScwDmAh67cOu2hB9Y3l+/4NWKJkj+T8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.440] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.440] CloseHandle (hObject=0x404) returned 1 [0288.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.440] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.441] SetLastError (dwErrCode=0x0) [0288.441] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x64 [0288.441] GetLastError () returned 0x0 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.441] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.441] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.441] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.441] GetLastError () returned 0x2 [0288.441] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxgameoverlay_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.441] SetLastError (dwErrCode=0x2) [0288.441] GetLastError () returned 0x2 [0288.441] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.441] LocalFree (hMem=0x92fe20) returned 0x0 [0288.441] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.442] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.442] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.442] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38334853165) returned 1 [0288.442] GetCurrentThreadId () returned 0x1130 [0288.442] GetCurrentThreadId () returned 0x1130 [0288.442] GetCurrentThreadId () returned 0x1130 [0288.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0288.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:", cchWideChar=33, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0288.443] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:", cchWideChar=33, lpMultiByteStr=0x250f7e8, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:", lpUsedDefaultChar=0x0) returned 33 [0288.443] GetCurrentThreadId () returned 0x1130 [0288.443] GetCurrentThreadId () returned 0x1130 [0288.443] GetCurrentThreadId () returned 0x1130 [0288.443] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.443] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] GetCurrentThreadId () returned 0x1130 [0288.445] malloc (_Size=0x64) returned 0x1d1338 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] GetCurrentThreadId () returned 0x1130 [0288.446] free (_Block=0x1d1338) [0288.446] malloc (_Size=0x60) returned 0x1d1338 [0288.446] free (_Block=0x1d1338) [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2000 [0288.446] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0288.446] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2000, lpOverlapped=0x0) returned 1 [0288.448] malloc (_Size=0x8c) returned 0x1d1338 [0288.448] malloc (_Size=0xfc) returned 0x31d75d0 [0288.448] malloc (_Size=0x40) returned 0x1d14e8 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.448] GetCurrentThreadId () returned 0x1130 [0288.449] malloc (_Size=0xa5c) returned 0x31e40b0 [0288.449] malloc (_Size=0x40) returned 0x1d7470 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] GetCurrentThreadId () returned 0x1130 [0288.449] malloc (_Size=0xc) returned 0x31e1eb0 [0288.449] malloc (_Size=0x720) returned 0x31d2860 [0288.449] malloc (_Size=0xe3c) returned 0x1d9aa8 [0288.450] free (_Block=0x31d2860) [0288.450] malloc (_Size=0x15ac) returned 0x1da8f0 [0288.450] free (_Block=0x1d9aa8) [0288.450] malloc (_Size=0x23e4) returned 0x1dbea8 [0288.450] free (_Block=0x1da8f0) [0288.450] malloc (_Size=0x3274) returned 0x3a60048 [0288.451] free (_Block=0x1dbea8) [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] free (_Block=0x31e40b0) [0288.451] free (_Block=0x1d14e8) [0288.451] GetCurrentThreadId () returned 0x1130 [0288.451] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] GetCurrentThreadId () returned 0x1130 [0288.452] free (_Block=0x3a60048) [0288.452] free (_Block=0x31e1eb0) [0288.452] free (_Block=0x1d7470) [0288.452] WriteFile (in: hFile=0x2b4, lpBuffer=0x39ba808*, nNumberOfBytesToWrite=0x2b84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39ba808*, lpNumberOfBytesWritten=0x19fbbc*=0x2b84, lpOverlapped=0x0) returned 1 [0288.454] free (_Block=0x31d75d0) [0288.454] free (_Block=0x1d1338) [0288.454] CloseHandle (hObject=0x2b4) returned 1 [0288.454] CloseHandle (hObject=0x404) returned 1 [0288.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.454] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.455] SetLastError (dwErrCode=0x0) [0288.455] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19f9f8*="settings.dat") returned 0x69 [0288.455] GetLastError () returned 0x0 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.455] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.455] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.455] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\settings.dat")) returned 1 [0288.457] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x4, wMilliseconds=0x19d)) [0288.457] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0288.457] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0288.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0288.458] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0288.458] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0288.458] CloseHandle (hObject=0x404) returned 1 [0288.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0288.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0288.458] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[settings.dat]omgp:[kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:]", cchWideChar=59, lpMultiByteStr=0x2516890, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[settings.dat]omgp:[kfkce95f2+H*4WuA8k!WHGRbVO&n!aAM:]", lpUsedDefaultChar=0x0) returned 59 [0288.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0288.466] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA=") returned 172 [0288.467] GetCurrentThreadId () returned 0x1130 [0288.467] GetCurrentThreadId () returned 0x1130 [0288.467] GetCurrentThreadId () returned 0x1130 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.467] SetLastError (dwErrCode=0x0) [0288.467] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320") returned 0xa9 [0288.467] GetLastError () returned 0x0 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0288.467] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0288.467] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.467] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].wannacash ncov v310320")) returned 0x20 [0288.468] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1143].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0288.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0288.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2b84 [0288.468] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0288.468] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0288.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.468] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.469] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.469] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.469] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3") returned 197 [0288.469] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0288.469] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3") returned 197 [0288.469] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2b84 [0288.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0288.469] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:hIleAWbBQHeqc+KPmR5p80Klp73OuHr6kYtQBB1A+u+EYcWqBiGi76pRUBMUZ2KkLvLPyQuB4/tDyMPD4qDKYCedbMkZFaR6DI4Bt/ctQN9EdjT2LabrdsoQQtMiEHsjBuwqPBL/e33PIfF1yvVcljq5VapE0Nsl5Z6q4GV0gwA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0288.469] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0288.469] CloseHandle (hObject=0x404) returned 1 [0288.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.469] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.470] SetLastError (dwErrCode=0x0) [0288.470] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", lpFilePart=0x19fa34*="settings.dat") returned 0x69 [0288.470] GetLastError () returned 0x0 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=8) returned 1 [0288.470] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat", cchCount2=4) returned 1 [0288.470] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings")) returned 0x10 [0288.470] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0 [0288.470] GetLastError () returned 0x2 [0288.470] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxidentityprovider_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0xffffffff [0288.470] SetLastError (dwErrCode=0x2) [0288.470] GetLastError () returned 0x2 [0288.470] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0288.471] LocalFree (hMem=0x92fe20) returned 0x0 [0288.471] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0288.471] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0288.472] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Packages\\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\\Settings\\settings.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\packages\\microsoft.xboxspeechtotextoverlay_8wekyb3d8bbwe\\settings\\settings.dat")) returned 0x20 [0288.472] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38337823526) returned 1 [0288.472] GetCurrentThreadId () returned 0x1130 [0288.472] GetCurrentThreadId () returned 0x1130 [0288.472] GetCurrentThreadId () returned 0x1130 [0288.472] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="1#_TE+aX;q-g;2a>|n%4&+{so~gJQu)LDBagMeJIDk", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0289.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk", cchWideChar=42, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0289.176] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk", cchWideChar=42, lpMultiByteStr=0x2524fd0, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk", lpUsedDefaultChar=0x0) returned 42 [0289.176] GetCurrentThreadId () returned 0x1130 [0289.176] GetCurrentThreadId () returned 0x1130 [0289.176] GetCurrentThreadId () returned 0x1130 [0289.176] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bmft2nillyxx5l6xl-y.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.177] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0289.178] GetCurrentThreadId () returned 0x1130 [0289.178] GetCurrentThreadId () returned 0x1130 [0289.178] GetCurrentThreadId () returned 0x1130 [0289.178] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] malloc (_Size=0x64) returned 0x1d1338 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] GetCurrentThreadId () returned 0x1130 [0289.179] free (_Block=0x1d1338) [0289.179] malloc (_Size=0x60) returned 0x1d1338 [0289.179] free (_Block=0x1d1338) [0289.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x26b5 [0289.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.179] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.180] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x26b5 [0289.180] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.180] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x26b5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x26b5, lpOverlapped=0x0) returned 1 [0289.180] malloc (_Size=0x8c) returned 0x1d1338 [0289.181] malloc (_Size=0xfc) returned 0x31d7c00 [0289.181] malloc (_Size=0x40) returned 0x1d14e8 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] malloc (_Size=0xa5c) returned 0x31e40b0 [0289.181] malloc (_Size=0x40) returned 0x1d7470 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] GetCurrentThreadId () returned 0x1130 [0289.181] malloc (_Size=0xc) returned 0x31e1ef8 [0289.182] malloc (_Size=0x720) returned 0x31d2860 [0289.182] malloc (_Size=0xe3c) returned 0x1d9aa8 [0289.182] free (_Block=0x31d2860) [0289.182] malloc (_Size=0x15ac) returned 0x1da8f0 [0289.182] free (_Block=0x1d9aa8) [0289.182] malloc (_Size=0x23e4) returned 0x1dbea8 [0289.182] free (_Block=0x1da8f0) [0289.182] malloc (_Size=0x3274) returned 0x3a60048 [0289.182] free (_Block=0x1dbea8) [0289.182] malloc (_Size=0x4618) returned 0x1d9aa8 [0289.183] free (_Block=0x3a60048) [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.183] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] free (_Block=0x31e40b0) [0289.184] free (_Block=0x1d14e8) [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] GetCurrentThreadId () returned 0x1130 [0289.184] free (_Block=0x1d9aa8) [0289.185] free (_Block=0x31e1ef8) [0289.185] free (_Block=0x1d7470) [0289.185] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bb608*, nNumberOfBytesToWrite=0x348f, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bb608*, lpNumberOfBytesWritten=0x19fbbc*=0x348f, lpOverlapped=0x0) returned 1 [0289.186] free (_Block=0x31d7c00) [0289.187] free (_Block=0x1d1338) [0289.187] CloseHandle (hObject=0x2b4) returned 1 [0289.187] CloseHandle (hObject=0x404) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.187] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.187] SetLastError (dwErrCode=0x0) [0289.187] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", lpFilePart=0x19f9f8*="BMft2NilLyXx5L6xl-y.flv") returned 0x3a [0289.187] GetLastError () returned 0x0 [0289.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.188] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.188] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.188] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bmft2nillyxx5l6xl-y.flv")) returned 1 [0289.189] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x5, wMilliseconds=0x93)) [0289.190] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0289.190] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.190] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0289.190] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0289.190] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0289.190] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0289.190] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0289.190] CloseHandle (hObject=0x404) returned 1 [0289.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BMft2NilLyXx5L6xl-y.flv]omgp:[t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0289.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BMft2NilLyXx5L6xl-y.flv]omgp:[t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0289.190] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BMft2NilLyXx5L6xl-y.flv]omgp:[t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk]", cchWideChar=79, lpMultiByteStr=0x251e148, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[BMft2NilLyXx5L6xl-y.flv]omgp:[t~}Pu*t~-ZbkUu8\"r9!AJZQzU>gJQu)LDBagMeJIDk]", lpUsedDefaultChar=0x0) returned 79 [0289.200] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0289.200] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg=") returned 172 [0289.200] GetCurrentThreadId () returned 0x1130 [0289.200] GetCurrentThreadId () returned 0x1130 [0289.200] GetCurrentThreadId () returned 0x1130 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.200] SetLastError (dwErrCode=0x0) [0289.200] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320") returned 0x6f [0289.200] GetLastError () returned 0x0 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.200] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.200] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.201] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].wannacash ncov v310320")) returned 0x20 [0289.201] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1158].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.201] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0289.201] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0289.201] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x348f [0289.201] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0289.201] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0289.201] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.201] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.201] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.201] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.202] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.202] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.202] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0289.202] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3") returned 197 [0289.202] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0289.202] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3") returned 197 [0289.202] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x348f [0289.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.202] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:DueO7jdrIefl+vLrQ7E5su4rvSOr6fmNgQ7BCCA/kDKhSGO2OhS8huoCEA8+0nYYxcWMNngPf7rp3LQ9hF0Hxxdhe7ef+Hb1RzCv2dloapq5/2akLV8An7t8Eh9fM/SeqYmrFfu4y5NqG3dWxXD1bPDriI9r05YHXjNpeiH4uDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.202] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0289.202] CloseHandle (hObject=0x404) returned 1 [0289.202] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.202] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.202] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.203] SetLastError (dwErrCode=0x0) [0289.203] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", lpFilePart=0x19fa34*="BMft2NilLyXx5L6xl-y.flv") returned 0x3a [0289.203] GetLastError () returned 0x0 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=8) returned 1 [0289.203] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv", cchCount2=4) returned 1 [0289.203] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.203] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bmft2nillyxx5l6xl-y.flv")) returned 0 [0289.203] GetLastError () returned 0x2 [0289.203] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BMft2NilLyXx5L6xl-y.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bmft2nillyxx5l6xl-y.flv")) returned 0xffffffff [0289.203] SetLastError (dwErrCode=0x2) [0289.203] GetLastError () returned 0x2 [0289.203] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0289.203] LocalFree (hMem=0x92fe20) returned 0x0 [0289.203] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0289.204] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0289.204] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bsteqqpbbrddnc0s.jpg")) returned 0x20 [0289.204] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38411026512) returned 1 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0289.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0289.204] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G", cchWideChar=41, lpMultiByteStr=0x2525040, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9â\x84\x96)G", lpUsedDefaultChar=0x0) returned 43 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.204] GetCurrentThreadId () returned 0x1130 [0289.205] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bsteqqpbbrddnc0s.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.205] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.207] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] malloc (_Size=0x64) returned 0x1d1338 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] GetCurrentThreadId () returned 0x1130 [0289.208] free (_Block=0x1d1338) [0289.208] malloc (_Size=0x60) returned 0x1d1338 [0289.208] free (_Block=0x1d1338) [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x119ed [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x119ed [0289.209] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0289.209] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x119ed, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x119ed, lpOverlapped=0x0) returned 1 [0289.210] malloc (_Size=0x8c) returned 0x1d1338 [0289.210] malloc (_Size=0xfc) returned 0x31d77e0 [0289.211] malloc (_Size=0x40) returned 0x1d14e8 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] malloc (_Size=0xa5c) returned 0x31e40b0 [0289.211] malloc (_Size=0x40) returned 0x1d7470 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] GetCurrentThreadId () returned 0x1130 [0289.211] malloc (_Size=0xc) returned 0x31e1dc0 [0289.211] malloc (_Size=0x720) returned 0x31d2860 [0289.211] malloc (_Size=0xe3c) returned 0x1d9aa8 [0289.212] free (_Block=0x31d2860) [0289.212] malloc (_Size=0x15ac) returned 0x1da8f0 [0289.212] free (_Block=0x1d9aa8) [0289.212] malloc (_Size=0x23e4) returned 0x1dbea8 [0289.212] free (_Block=0x1da8f0) [0289.212] malloc (_Size=0x3274) returned 0x3a60048 [0289.213] free (_Block=0x1dbea8) [0289.213] malloc (_Size=0x4820) returned 0x1d9aa8 [0289.213] free (_Block=0x3a60048) [0289.213] malloc (_Size=0x64e4) returned 0x3a60048 [0289.213] free (_Block=0x1d9aa8) [0289.213] malloc (_Size=0x8920) returned 0x3a66538 [0289.214] free (_Block=0x3a60048) [0289.214] malloc (_Size=0xbb90) returned 0x3a6ee60 [0289.214] free (_Block=0x3a66538) [0289.214] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0289.215] free (_Block=0x3a6ee60) [0289.215] malloc (_Size=0x1533c) returned 0x3a60048 [0289.215] free (_Block=0x3a7a9f8) [0289.215] malloc (_Size=0x1c704) returned 0x3a75390 [0289.215] free (_Block=0x3a60048) [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] free (_Block=0x31e40b0) [0289.216] free (_Block=0x1d14e8) [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.216] GetCurrentThreadId () returned 0x1130 [0289.217] GetCurrentThreadId () returned 0x1130 [0289.217] GetCurrentThreadId () returned 0x1130 [0289.217] GetCurrentThreadId () returned 0x1130 [0289.217] free (_Block=0x3a75390) [0289.217] free (_Block=0x31e1dc0) [0289.217] free (_Block=0x1d7470) [0289.217] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d9c08*, nNumberOfBytesToWrite=0x17de0, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d9c08*, lpNumberOfBytesWritten=0x19fbbc*=0x17de0, lpOverlapped=0x0) returned 1 [0289.220] free (_Block=0x31d77e0) [0289.220] free (_Block=0x1d1338) [0289.220] CloseHandle (hObject=0x2b4) returned 1 [0289.220] CloseHandle (hObject=0x404) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.221] SetLastError (dwErrCode=0x0) [0289.221] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", lpFilePart=0x19f9f8*="BsteqQpBbrdDNc0s.jpg") returned 0x37 [0289.221] GetLastError () returned 0x0 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.221] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.221] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.221] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bsteqqpbbrddnc0s.jpg")) returned 1 [0289.224] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x5, wMilliseconds=0xc2)) [0289.224] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0289.225] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0289.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0289.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0289.225] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0289.225] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0289.225] CloseHandle (hObject=0x404) returned 1 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BsteqQpBbrdDNc0s.jpg]omgp:[YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BsteqQpBbrdDNc0s.jpg]omgp:[YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G]", cchWideChar=75, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0289.225] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BsteqQpBbrdDNc0s.jpg]omgp:[YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9№)G]", cchWideChar=75, lpMultiByteStr=0x252c708, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[BsteqQpBbrdDNc0s.jpg]omgp:[YmwH%pW%),-br.YFnf\"nt;3+w3okFgeCx/y-&9?)G]", lpUsedDefaultChar=0x0) returned 75 [0289.233] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0289.233] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0=") returned 172 [0289.233] GetCurrentThreadId () returned 0x1130 [0289.233] GetCurrentThreadId () returned 0x1130 [0289.233] GetCurrentThreadId () returned 0x1130 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.233] SetLastError (dwErrCode=0x0) [0289.233] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320") returned 0x6f [0289.233] GetLastError () returned 0x0 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0289.233] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0289.233] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.233] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].wannacash ncov v310320")) returned 0x20 [0289.233] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1159].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0289.234] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0289.234] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0289.234] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17de0 [0289.234] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0289.234] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.234] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0289.234] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3") returned 197 [0289.234] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0289.234] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3") returned 197 [0289.234] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17de0 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0289.234] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:AZNzf0k+hYr77xfJX9dj3kKAa864r6sOjQ/p3nIaQR+/dU5z2un+G5VJk/Vm5bdvLr/haPGaqYAEfoyvv5tqoO5+ExSdKWreajYQfCV9dZUxLMej4VHN6DNBfsmksTlNFjYqYM69OyUTyoG1z0l32v33fE54GbC5xzciwORIuA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0289.234] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0289.234] CloseHandle (hObject=0x404) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.235] SetLastError (dwErrCode=0x0) [0289.235] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", lpFilePart=0x19fa34*="BsteqQpBbrdDNc0s.jpg") returned 0x37 [0289.235] GetLastError () returned 0x0 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=8) returned 1 [0289.235] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg", cchCount2=4) returned 1 [0289.235] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0289.235] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bsteqqpbbrddnc0s.jpg")) returned 0 [0289.235] GetLastError () returned 0x2 [0289.235] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\BsteqQpBbrdDNc0s.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\bsteqqpbbrddnc0s.jpg")) returned 0xffffffff [0289.235] SetLastError (dwErrCode=0x2) [0289.235] GetLastError () returned 0x2 [0289.235] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0289.235] LocalFree (hMem=0x92fe20) returned 0x0 [0289.235] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0289.236] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0289.236] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\C_qlngNZSQ4.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\c_qlngnzsq4.mp4")) returned 0x20 [0289.236] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38414209238) returned 1 [0289.236] GetCurrentThreadId () returned 0x1130 [0289.236] GetCurrentThreadId () returned 0x1130 [0289.236] GetCurrentThreadId () returned 0x1130 [0289.236] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="r54z)X!~i$y.1#z_)\\QqO*NVCpdPufB>6zo3Q+_=ab;?A", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0290.600] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0290.600] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A", lpUsedDefaultChar=0x0) returned 38 [0290.600] GetCurrentThreadId () returned 0x1130 [0290.600] GetCurrentThreadId () returned 0x1130 [0290.600] GetCurrentThreadId () returned 0x1130 [0290.600] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\fcgwybsfl.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.600] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.601] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] malloc (_Size=0x64) returned 0x1d1338 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] GetCurrentThreadId () returned 0x1130 [0290.602] free (_Block=0x1d1338) [0290.602] malloc (_Size=0x60) returned 0x1d1338 [0290.602] free (_Block=0x1d1338) [0290.602] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.602] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10fa7 [0290.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x10fa7 [0290.603] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.603] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x10fa7, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x10fa7, lpOverlapped=0x0) returned 1 [0290.604] malloc (_Size=0x8c) returned 0x1d1338 [0290.605] malloc (_Size=0xfc) returned 0x31d78e8 [0290.605] malloc (_Size=0x40) returned 0x1d14e8 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] malloc (_Size=0xa5c) returned 0x31e40b0 [0290.605] malloc (_Size=0x40) returned 0x1d7470 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.605] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] GetCurrentThreadId () returned 0x1130 [0290.606] malloc (_Size=0xc) returned 0x31e1dc0 [0290.606] malloc (_Size=0x720) returned 0x31d2860 [0290.606] malloc (_Size=0xe3c) returned 0x1d9aa8 [0290.606] free (_Block=0x31d2860) [0290.606] malloc (_Size=0x15ac) returned 0x1da8f0 [0290.606] free (_Block=0x1d9aa8) [0290.606] malloc (_Size=0x23e4) returned 0x1dbea8 [0290.606] free (_Block=0x1da8f0) [0290.606] malloc (_Size=0x3274) returned 0x3a60048 [0290.607] free (_Block=0x1dbea8) [0290.607] malloc (_Size=0x4820) returned 0x1d9aa8 [0290.607] free (_Block=0x3a60048) [0290.607] malloc (_Size=0x64e4) returned 0x3a60048 [0290.607] free (_Block=0x1d9aa8) [0290.607] malloc (_Size=0x8920) returned 0x3a66538 [0290.607] free (_Block=0x3a60048) [0290.607] malloc (_Size=0xbb90) returned 0x3a6ee60 [0290.607] free (_Block=0x3a66538) [0290.607] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0290.607] free (_Block=0x3a6ee60) [0290.607] malloc (_Size=0x1533c) returned 0x3a60048 [0290.607] free (_Block=0x3a7a9f8) [0290.608] malloc (_Size=0x1c704) returned 0x3a75390 [0290.608] free (_Block=0x3a60048) [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] GetCurrentThreadId () returned 0x1130 [0290.608] free (_Block=0x31e40b0) [0290.608] free (_Block=0x1d14e8) [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] GetCurrentThreadId () returned 0x1130 [0290.609] free (_Block=0x3a75390) [0290.609] free (_Block=0x31e1dc0) [0290.609] free (_Block=0x1d7470) [0290.609] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d8808*, nNumberOfBytesToWrite=0x17002, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d8808*, lpNumberOfBytesWritten=0x19fbbc*=0x17002, lpOverlapped=0x0) returned 1 [0290.612] free (_Block=0x31d78e8) [0290.613] free (_Block=0x1d1338) [0290.613] CloseHandle (hObject=0x2b4) returned 1 [0290.613] CloseHandle (hObject=0x404) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.613] SetLastError (dwErrCode=0x0) [0290.613] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", lpFilePart=0x19f9f8*="FcgWybsFl.gif") returned 0x2d [0290.613] GetLastError () returned 0x0 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.613] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.614] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.617] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\fcgwybsfl.gif")) returned 1 [0290.621] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x6, wMilliseconds=0x249)) [0290.621] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0290.621] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.621] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0290.621] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.621] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0290.622] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.622] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0290.622] CloseHandle (hObject=0x404) returned 1 [0290.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FcgWybsFl.gif]omgp:[u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0290.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FcgWybsFl.gif]omgp:[u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0290.622] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[FcgWybsFl.gif]omgp:[u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A]", cchWideChar=65, lpMultiByteStr=0x2541d28, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[FcgWybsFl.gif]omgp:[u-9xP2h3@\">QqO*NVCpdPufB>6zo3Q+_=ab;?A]", lpUsedDefaultChar=0x0) returned 65 [0290.631] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0290.631] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I=") returned 172 [0290.631] GetCurrentThreadId () returned 0x1130 [0290.631] GetCurrentThreadId () returned 0x1130 [0290.631] GetCurrentThreadId () returned 0x1130 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.631] SetLastError (dwErrCode=0x0) [0290.631] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320") returned 0x6c [0290.631] GetLastError () returned 0x0 [0290.631] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.632] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.632] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.632] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.632] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.632] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].wannacash ncov v310320")) returned 0x20 [0290.632] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1191].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.632] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0290.632] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.632] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17002 [0290.632] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.632] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.633] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.633] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3") returned 197 [0290.633] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.633] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3") returned 197 [0290.633] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17002 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.633] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+trp1f69x7HJ/VuF+pJXCyfaSA0d2cP0btNDbrNPV1YNFejrJMWBbpOj/l3q9D7VSvSHH8/OwpGKzqfUGTXsDHxOijW4EMt9GkMrfMIl+op2m2JNEGsIEXEKkhY53LzQmUxp8xvfa8zKL379Xp7tSBKlCsRX7Mdj081SFSc5E2I= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.633] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0290.633] CloseHandle (hObject=0x404) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.634] SetLastError (dwErrCode=0x0) [0290.634] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", lpFilePart=0x19fa34*="FcgWybsFl.gif") returned 0x2d [0290.634] GetLastError () returned 0x0 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=8) returned 1 [0290.634] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif", cchCount2=4) returned 1 [0290.634] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.634] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\fcgwybsfl.gif")) returned 0 [0290.634] GetLastError () returned 0x2 [0290.634] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\FcgWybsFl.gif" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\fcgwybsfl.gif")) returned 0xffffffff [0290.634] SetLastError (dwErrCode=0x2) [0290.634] GetLastError () returned 0x2 [0290.634] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0290.634] LocalFree (hMem=0x92fe20) returned 0x0 [0290.635] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0290.635] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0290.635] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\gofu8 yfk9ulqajlmxx0.png")) returned 0x20 [0290.635] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38554116047) returned 1 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0290.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0290.635] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,", cchWideChar=47, lpMultiByteStr=0x2533798, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,", lpUsedDefaultChar=0x0) returned 47 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] GetCurrentThreadId () returned 0x1130 [0290.635] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\gofu8 yfk9ulqajlmxx0.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.635] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] GetCurrentThreadId () returned 0x1130 [0290.636] malloc (_Size=0x64) returned 0x1d1338 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] GetCurrentThreadId () returned 0x1130 [0290.637] free (_Block=0x1d1338) [0290.637] malloc (_Size=0x60) returned 0x1d1338 [0290.637] free (_Block=0x1d1338) [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3630 [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3630 [0290.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.637] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3630, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3630, lpOverlapped=0x0) returned 1 [0290.638] malloc (_Size=0x8c) returned 0x1d1338 [0290.638] malloc (_Size=0xfc) returned 0x31d79f0 [0290.638] malloc (_Size=0x40) returned 0x1d14e8 [0290.638] GetCurrentThreadId () returned 0x1130 [0290.638] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] malloc (_Size=0xa5c) returned 0x31e40b0 [0290.639] malloc (_Size=0x40) returned 0x1d7470 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] GetCurrentThreadId () returned 0x1130 [0290.639] malloc (_Size=0xc) returned 0x31e1d18 [0290.639] malloc (_Size=0x720) returned 0x31d2860 [0290.639] malloc (_Size=0xe3c) returned 0x1d9aa8 [0290.639] free (_Block=0x31d2860) [0290.639] malloc (_Size=0x15ac) returned 0x1da8f0 [0290.639] free (_Block=0x1d9aa8) [0290.640] malloc (_Size=0x23e4) returned 0x1dbea8 [0290.640] free (_Block=0x1da8f0) [0290.640] malloc (_Size=0x3274) returned 0x3a60048 [0290.640] free (_Block=0x1dbea8) [0290.640] malloc (_Size=0x4820) returned 0x1d9aa8 [0290.640] free (_Block=0x3a60048) [0290.640] malloc (_Size=0x61d8) returned 0x3a60048 [0290.640] free (_Block=0x1d9aa8) [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] GetCurrentThreadId () returned 0x1130 [0290.640] free (_Block=0x31e40b0) [0290.640] free (_Block=0x1d14e8) [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] GetCurrentThreadId () returned 0x1130 [0290.641] free (_Block=0x3a60048) [0290.641] free (_Block=0x31e1d18) [0290.641] free (_Block=0x1d7470) [0290.641] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bd608*, nNumberOfBytesToWrite=0x498e, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bd608*, lpNumberOfBytesWritten=0x19fbbc*=0x498e, lpOverlapped=0x0) returned 1 [0290.643] free (_Block=0x31d79f0) [0290.643] free (_Block=0x1d1338) [0290.643] CloseHandle (hObject=0x2b4) returned 1 [0290.643] CloseHandle (hObject=0x404) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.643] SetLastError (dwErrCode=0x0) [0290.643] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", lpFilePart=0x19f9f8*="gOfU8 yfK9ULqaJLMXx0.png") returned 0x38 [0290.643] GetLastError () returned 0x0 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.643] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.643] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.643] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\gofu8 yfk9ulqajlmxx0.png")) returned 1 [0290.646] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x6, wMilliseconds=0x268)) [0290.646] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0290.646] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.647] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0290.647] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.647] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0290.647] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.647] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0290.647] CloseHandle (hObject=0x404) returned 1 [0290.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[gOfU8 yfK9ULqaJLMXx0.png]omgp:[b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0290.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[gOfU8 yfK9ULqaJLMXx0.png]omgp:[b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0290.647] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[gOfU8 yfK9ULqaJLMXx0.png]omgp:[b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,]", cchWideChar=85, lpMultiByteStr=0x253b0b0, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[gOfU8 yfK9ULqaJLMXx0.png]omgp:[b^(+TUbAKH&n((GK1!ngMTW~9(c&3ZfTyG8ah/UGq+;OLG,]", lpUsedDefaultChar=0x0) returned 85 [0290.653] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0290.653] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g=") returned 172 [0290.653] GetCurrentThreadId () returned 0x1130 [0290.653] GetCurrentThreadId () returned 0x1130 [0290.653] GetCurrentThreadId () returned 0x1130 [0290.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.654] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.654] SetLastError (dwErrCode=0x0) [0290.654] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320") returned 0x6c [0290.654] GetLastError () returned 0x0 [0290.654] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.654] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.654] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.654] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.654] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.654] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].wannacash ncov v310320")) returned 0x20 [0290.654] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1192].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.654] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0290.654] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.654] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x498e [0290.654] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.654] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.655] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.655] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3") returned 197 [0290.655] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.655] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3") returned 197 [0290.655] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x498e [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.655] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:YpzKzMucvo8ldUkh2F1k4A7LvslFUgKAZJ9oQvF+Sl7prdDkAHGuWqwukCCGziDHP1253nWoy/PwpGhhNagjaXq7wD3F5fVYyUDV9ION2q+pfSJImovFHTM4JNCj8C+NDOsjqpGR2kKTIJQmRchkvmSoEO8MjBfMEV7ryRo1t3g= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.655] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0290.655] CloseHandle (hObject=0x404) returned 1 [0290.655] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.655] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.655] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.655] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.656] SetLastError (dwErrCode=0x0) [0290.656] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", lpFilePart=0x19fa34*="gOfU8 yfK9ULqaJLMXx0.png") returned 0x38 [0290.656] GetLastError () returned 0x0 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=8) returned 1 [0290.656] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png", cchCount2=4) returned 1 [0290.656] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.656] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\gofu8 yfk9ulqajlmxx0.png")) returned 0 [0290.656] GetLastError () returned 0x2 [0290.656] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\gOfU8 yfK9ULqaJLMXx0.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\gofu8 yfk9ulqajlmxx0.png")) returned 0xffffffff [0290.656] SetLastError (dwErrCode=0x2) [0290.656] GetLastError () returned 0x2 [0290.656] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0290.656] LocalFree (hMem=0x92fe20) returned 0x0 [0290.656] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0290.656] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0290.657] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\j6-_ frd1eh8o4 srzn.mp4")) returned 0x20 [0290.657] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38556290038) returned 1 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0290.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0290.657] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4", cchWideChar=48, lpMultiByteStr=0x2533798, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#Wâ\x84\x96<4", lpUsedDefaultChar=0x0) returned 50 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] GetCurrentThreadId () returned 0x1130 [0290.657] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\j6-_ frd1eh8o4 srzn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.657] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] malloc (_Size=0x64) returned 0x1d1338 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.659] GetCurrentThreadId () returned 0x1130 [0290.660] GetCurrentThreadId () returned 0x1130 [0290.660] GetCurrentThreadId () returned 0x1130 [0290.660] GetCurrentThreadId () returned 0x1130 [0290.660] free (_Block=0x1d1338) [0290.660] malloc (_Size=0x60) returned 0x1d1338 [0290.660] free (_Block=0x1d1338) [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x17030 [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x17030 [0290.660] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.660] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x17030, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x17030, lpOverlapped=0x0) returned 1 [0290.662] malloc (_Size=0x8c) returned 0x1d1338 [0290.663] malloc (_Size=0xfc) returned 0x31d75d0 [0290.663] malloc (_Size=0x40) returned 0x1d14e8 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] malloc (_Size=0xa5c) returned 0x31e40b0 [0290.663] malloc (_Size=0x40) returned 0x1d7470 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.663] GetCurrentThreadId () returned 0x1130 [0290.664] GetCurrentThreadId () returned 0x1130 [0290.664] malloc (_Size=0xc) returned 0x31e1ca0 [0290.664] malloc (_Size=0x720) returned 0x31d2860 [0290.664] malloc (_Size=0xe3c) returned 0x1d9aa8 [0290.664] free (_Block=0x31d2860) [0290.664] malloc (_Size=0x15ac) returned 0x1da8f0 [0290.664] free (_Block=0x1d9aa8) [0290.664] malloc (_Size=0x23e4) returned 0x1dbea8 [0290.664] free (_Block=0x1da8f0) [0290.664] malloc (_Size=0x3274) returned 0x3a60048 [0290.664] free (_Block=0x1dbea8) [0290.664] malloc (_Size=0x4820) returned 0x1d9aa8 [0290.664] free (_Block=0x3a60048) [0290.664] malloc (_Size=0x64e4) returned 0x3a60048 [0290.664] free (_Block=0x1d9aa8) [0290.664] malloc (_Size=0x8920) returned 0x3a66538 [0290.664] free (_Block=0x3a60048) [0290.665] malloc (_Size=0xbb90) returned 0x3a6ee60 [0290.665] free (_Block=0x3a66538) [0290.665] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0290.665] free (_Block=0x3a6ee60) [0290.665] malloc (_Size=0x1533c) returned 0x3a60048 [0290.665] free (_Block=0x3a7a9f8) [0290.665] malloc (_Size=0x1c704) returned 0x3a75390 [0290.665] free (_Block=0x3a60048) [0290.665] malloc (_Size=0x265c8) returned 0x3a91aa0 [0290.666] free (_Block=0x3a75390) [0290.666] GetCurrentThreadId () returned 0x1130 [0290.666] GetCurrentThreadId () returned 0x1130 [0290.666] GetCurrentThreadId () returned 0x1130 [0290.666] GetCurrentThreadId () returned 0x1130 [0290.666] GetCurrentThreadId () returned 0x1130 [0290.666] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] free (_Block=0x31e40b0) [0290.667] free (_Block=0x1d14e8) [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.667] GetCurrentThreadId () returned 0x1130 [0290.668] free (_Block=0x3a91aa0) [0290.668] free (_Block=0x31e1ca0) [0290.668] free (_Block=0x1d7470) [0290.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e4a08*, nNumberOfBytesToWrite=0x1f2c5, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e4a08*, lpNumberOfBytesWritten=0x19fbbc*=0x1f2c5, lpOverlapped=0x0) returned 1 [0290.671] free (_Block=0x31d75d0) [0290.671] free (_Block=0x1d1338) [0290.671] CloseHandle (hObject=0x2b4) returned 1 [0290.671] CloseHandle (hObject=0x404) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.671] SetLastError (dwErrCode=0x0) [0290.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", lpFilePart=0x19f9f8*="j6-_ frd1eh8o4 sRZN.mp4") returned 0x37 [0290.671] GetLastError () returned 0x0 [0290.671] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.672] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.675] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\j6-_ frd1eh8o4 srzn.mp4")) returned 1 [0290.677] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x6, wMilliseconds=0x287)) [0290.677] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0290.677] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0290.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0290.678] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.678] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0290.678] CloseHandle (hObject=0x404) returned 1 [0290.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[j6-_ frd1eh8o4 sRZN.mp4]omgp:[t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0290.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[j6-_ frd1eh8o4 sRZN.mp4]omgp:[t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4]", cchWideChar=85, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 85 [0290.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[j6-_ frd1eh8o4 sRZN.mp4]omgp:[t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W№<4]", cchWideChar=85, lpMultiByteStr=0x253b0b0, cbMultiByte=85, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[j6-_ frd1eh8o4 sRZN.mp4]omgp:[t1p^Y^LAEr@ke6s-CR+gD4}LoVf.M`\\R~-PbS!eLlzI#W?<4]", lpUsedDefaultChar=0x0) returned 85 [0290.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0290.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg=") returned 172 [0290.684] GetCurrentThreadId () returned 0x1130 [0290.684] GetCurrentThreadId () returned 0x1130 [0290.684] GetCurrentThreadId () returned 0x1130 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.684] SetLastError (dwErrCode=0x0) [0290.684] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320") returned 0x6c [0290.684] GetLastError () returned 0x0 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.684] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.684] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.684] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].wannacash ncov v310320")) returned 0x20 [0290.684] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1193].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.685] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0290.685] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.685] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1f2c5 [0290.685] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.685] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3") returned 197 [0290.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.685] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3") returned 197 [0290.685] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1f2c5 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.685] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:b7qpJh4qUsBUa0+M014tpDfgPMCnQ8t1y6IbrHv1Rucc2e3psZe5TbRvegi/5YHteTtfVRCK0xyCFwhFZhKcj0P/z1b35TEvAjfNcYkgon0IhylltYQTzjVvo5+n5XRjwhXH1OPAGru1e+Pe71v/ctIN/pc8BT08EIz0Q9p/Mgg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.685] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0290.685] CloseHandle (hObject=0x404) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.686] SetLastError (dwErrCode=0x0) [0290.686] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", lpFilePart=0x19fa34*="j6-_ frd1eh8o4 sRZN.mp4") returned 0x37 [0290.686] GetLastError () returned 0x0 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=8) returned 1 [0290.686] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4", cchCount2=4) returned 1 [0290.686] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.686] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\j6-_ frd1eh8o4 srzn.mp4")) returned 0 [0290.686] GetLastError () returned 0x2 [0290.686] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\j6-_ frd1eh8o4 sRZN.mp4" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\j6-_ frd1eh8o4 srzn.mp4")) returned 0xffffffff [0290.686] SetLastError (dwErrCode=0x2) [0290.686] GetLastError () returned 0x2 [0290.686] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0290.686] LocalFree (hMem=0x92fe20) returned 0x0 [0290.686] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0290.688] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0290.688] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jaawwqgch.pptx")) returned 0x20 [0290.688] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38559414328) returned 1 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0290.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK", cchWideChar=38, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0290.688] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK", cchWideChar=38, lpMultiByteStr=0x2524fd0, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="i=m7|;Gg>>Q/â\x84\x96cw@2(l/@uyFH@n)~Tm8H=IaTK", lpUsedDefaultChar=0x0) returned 40 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] GetCurrentThreadId () returned 0x1130 [0290.688] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jaawwqgch.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.688] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.689] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] malloc (_Size=0x64) returned 0x1d1338 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] GetCurrentThreadId () returned 0x1130 [0290.690] free (_Block=0x1d1338) [0290.690] malloc (_Size=0x60) returned 0x1d1338 [0290.690] free (_Block=0x1d1338) [0290.690] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.690] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7e3 [0290.690] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xc7e3 [0290.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0290.691] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xc7e3, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xc7e3, lpOverlapped=0x0) returned 1 [0290.742] malloc (_Size=0x8c) returned 0x1d1338 [0290.742] malloc (_Size=0xfc) returned 0x31d79f0 [0290.742] malloc (_Size=0x40) returned 0x1d14e8 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.742] GetCurrentThreadId () returned 0x1130 [0290.743] malloc (_Size=0xa5c) returned 0x31e40b0 [0290.743] malloc (_Size=0x40) returned 0x1d7470 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] GetCurrentThreadId () returned 0x1130 [0290.743] malloc (_Size=0xc) returned 0x31e1e68 [0290.743] malloc (_Size=0x720) returned 0x31d2860 [0290.743] malloc (_Size=0xe3c) returned 0x1d9aa8 [0290.744] free (_Block=0x31d2860) [0290.744] malloc (_Size=0x15ac) returned 0x1da8f0 [0290.744] free (_Block=0x1d9aa8) [0290.744] malloc (_Size=0x23e4) returned 0x1dbea8 [0290.744] free (_Block=0x1da8f0) [0290.744] malloc (_Size=0x3274) returned 0x3a60048 [0290.745] free (_Block=0x1dbea8) [0290.745] malloc (_Size=0x4820) returned 0x1d9aa8 [0290.745] free (_Block=0x3a60048) [0290.745] malloc (_Size=0x64e4) returned 0x3a60048 [0290.745] free (_Block=0x1d9aa8) [0290.745] malloc (_Size=0x8920) returned 0x3a66538 [0290.745] free (_Block=0x3a60048) [0290.746] malloc (_Size=0xbb90) returned 0x3a6ee60 [0290.746] free (_Block=0x3a66538) [0290.746] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0290.747] free (_Block=0x3a6ee60) [0290.747] malloc (_Size=0x1533c) returned 0x3a60048 [0290.747] free (_Block=0x3a7a9f8) [0290.747] GetCurrentThreadId () returned 0x1130 [0290.747] GetCurrentThreadId () returned 0x1130 [0290.747] GetCurrentThreadId () returned 0x1130 [0290.747] GetCurrentThreadId () returned 0x1130 [0290.747] GetCurrentThreadId () returned 0x1130 [0290.747] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] free (_Block=0x31e40b0) [0290.748] free (_Block=0x1d14e8) [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.748] GetCurrentThreadId () returned 0x1130 [0290.749] GetCurrentThreadId () returned 0x1130 [0290.749] GetCurrentThreadId () returned 0x1130 [0290.749] GetCurrentThreadId () returned 0x1130 [0290.749] GetCurrentThreadId () returned 0x1130 [0290.749] GetCurrentThreadId () returned 0x1130 [0290.749] free (_Block=0x3a60048) [0290.749] free (_Block=0x31e1e68) [0290.749] free (_Block=0x1d7470) [0290.749] WriteFile (in: hFile=0x2b4, lpBuffer=0x39cf808*, nNumberOfBytesToWrite=0x10ed7, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39cf808*, lpNumberOfBytesWritten=0x19fbbc*=0x10ed7, lpOverlapped=0x0) returned 1 [0290.751] free (_Block=0x31d79f0) [0290.751] free (_Block=0x1d1338) [0290.751] CloseHandle (hObject=0x2b4) returned 1 [0290.752] CloseHandle (hObject=0x404) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.752] SetLastError (dwErrCode=0x0) [0290.752] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", lpFilePart=0x19f9f8*="jaAWWqGch.pptx") returned 0x2e [0290.752] GetLastError () returned 0x0 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.752] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.752] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.752] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jaawwqgch.pptx")) returned 1 [0290.757] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x6, wMilliseconds=0x2d5)) [0290.757] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0290.757] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0290.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0290.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0290.757] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0290.757] CloseHandle (hObject=0x404) returned 1 [0290.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[jaAWWqGch.pptx]omgp:[i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0290.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[jaAWWqGch.pptx]omgp:[i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK]", cchWideChar=66, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0290.757] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[jaAWWqGch.pptx]omgp:[i=m7|;Gg>>Q/№cw@2(l/@uyFH@n)~Tm8H=IaTK]", cchWideChar=66, lpMultiByteStr=0x2541d28, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[jaAWWqGch.pptx]omgp:[i=m7|;Gg>>Q/?cw@2(l/@uyFH@n)~Tm8H=IaTK]", lpUsedDefaultChar=0x0) returned 66 [0290.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0290.765] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w=") returned 172 [0290.765] GetCurrentThreadId () returned 0x1130 [0290.765] GetCurrentThreadId () returned 0x1130 [0290.765] GetCurrentThreadId () returned 0x1130 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.765] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.765] SetLastError (dwErrCode=0x0) [0290.765] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320") returned 0x6c [0290.765] GetLastError () returned 0x0 [0290.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0290.766] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0290.766] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.766] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].wannacash ncov v310320")) returned 0x20 [0290.766] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1194].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0290.766] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0290.766] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.766] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x10ed7 [0290.767] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0290.767] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.767] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.767] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3") returned 197 [0290.767] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0290.767] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3") returned 197 [0290.767] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x10ed7 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0290.767] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:JMyW+gjW1W/kqBtme6q21u+IkhM4vRfQhYkukuDfuqZY1V5+0f6pS62UcAQGNMNO0VQIka3MPaAVtEt7TacTb6Esws5k7aUEA+js2JvO9nJ9c71IEWDFO474eqzC4bAsFxQOMA6WUuMA79YLvnFoTAh+w4wUjb4zNvCedwipL1w= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0290.767] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0290.768] CloseHandle (hObject=0x404) returned 1 [0290.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.768] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.769] SetLastError (dwErrCode=0x0) [0290.769] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", lpFilePart=0x19fa34*="jaAWWqGch.pptx") returned 0x2e [0290.769] GetLastError () returned 0x0 [0290.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=8) returned 1 [0290.769] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx", cchCount2=4) returned 1 [0290.769] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0290.769] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jaawwqgch.pptx")) returned 0 [0290.769] GetLastError () returned 0x2 [0290.769] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jaAWWqGch.pptx" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jaawwqgch.pptx")) returned 0xffffffff [0290.769] SetLastError (dwErrCode=0x2) [0290.769] GetLastError () returned 0x2 [0290.769] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0290.769] LocalFree (hMem=0x92fe20) returned 0x0 [0290.769] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0290.770] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0290.770] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\jlZj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\jlzj.png")) returned 0x20 [0290.771] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38567683675) returned 1 [0290.771] GetCurrentThreadId () returned 0x1130 [0290.771] GetCurrentThreadId () returned 0x1130 [0290.771] GetCurrentThreadId () returned 0x1130 [0290.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="O<#Qndo\"$№SH-=\"B|o", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0293.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kHM+&pm|2wIa&}!aAQk№W%C\"=Jp><#Qndo\"$№SH-=\"B|o", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0293.317] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kHM+&pm|2wIa&}!aAQk№W%C\"=Jp><#Qndo\"$№SH-=\"B|o", cchWideChar=45, lpMultiByteStr=0x2533798, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kHM+&pm|2wIa&}!aAQkâ\x84\x96W%C\"=Jp><#Qndo\"$â\x84\x96SH-=\"B|o", lpUsedDefaultChar=0x0) returned 49 [0293.317] GetCurrentThreadId () returned 0x1130 [0293.317] GetCurrentThreadId () returned 0x1130 [0293.317] GetCurrentThreadId () returned 0x1130 [0293.317] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-shm"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0293.317] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] malloc (_Size=0x64) returned 0x1d1338 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] GetCurrentThreadId () returned 0x1130 [0293.318] free (_Block=0x1d1338) [0293.318] malloc (_Size=0x60) returned 0x1d1338 [0293.318] free (_Block=0x1d1338) [0293.318] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8000 [0293.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8000 [0293.319] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.319] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x8000, lpOverlapped=0x0) returned 1 [0293.653] malloc (_Size=0x8c) returned 0x1d1338 [0293.654] malloc (_Size=0xfc) returned 0x31d79f0 [0293.654] malloc (_Size=0x40) returned 0x1d14e8 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] malloc (_Size=0xa5c) returned 0x31e40b0 [0293.654] malloc (_Size=0x40) returned 0x1d7470 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.654] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] GetCurrentThreadId () returned 0x1130 [0293.655] malloc (_Size=0xc) returned 0x31e1ca0 [0293.655] malloc (_Size=0x720) returned 0x31d2860 [0293.655] malloc (_Size=0xe3c) returned 0x1d9aa8 [0293.655] free (_Block=0x31d2860) [0293.655] malloc (_Size=0x15ac) returned 0x1da8f0 [0293.655] free (_Block=0x1d9aa8) [0293.655] malloc (_Size=0x23e4) returned 0x1dbea8 [0293.655] free (_Block=0x1da8f0) [0293.655] malloc (_Size=0x3274) returned 0x3a60048 [0293.655] free (_Block=0x1dbea8) [0293.656] malloc (_Size=0x4820) returned 0x1d9aa8 [0293.656] free (_Block=0x3a60048) [0293.656] malloc (_Size=0x64e4) returned 0x3a60048 [0293.656] free (_Block=0x1d9aa8) [0293.656] malloc (_Size=0x8920) returned 0x3a66538 [0293.656] free (_Block=0x3a60048) [0293.656] malloc (_Size=0xbb90) returned 0x3a6ee60 [0293.656] free (_Block=0x3a66538) [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.656] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] free (_Block=0x31e40b0) [0293.657] free (_Block=0x1d14e8) [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.657] GetCurrentThreadId () returned 0x1130 [0293.658] GetCurrentThreadId () returned 0x1130 [0293.658] GetCurrentThreadId () returned 0x1130 [0293.658] GetCurrentThreadId () returned 0x1130 [0293.658] GetCurrentThreadId () returned 0x1130 [0293.658] free (_Block=0x3a6ee60) [0293.658] free (_Block=0x31e1ca0) [0293.658] free (_Block=0x1d7470) [0293.658] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c6808*, nNumberOfBytesToWrite=0xad84, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c6808*, lpNumberOfBytesWritten=0x19fbbc*=0xad84, lpOverlapped=0x0) returned 1 [0293.660] free (_Block=0x31d79f0) [0293.660] free (_Block=0x1d1338) [0293.660] CloseHandle (hObject=0x2b4) returned 1 [0293.660] CloseHandle (hObject=0x404) returned 1 [0293.661] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.661] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.664] SetLastError (dwErrCode=0x0) [0293.664] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", lpFilePart=0x19f9f8*="favicons.sqlite-shm") returned 0x5d [0293.664] GetLastError () returned 0x0 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.664] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.664] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0293.665] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-shm")) returned 1 [0293.667] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x9, wMilliseconds=0x26f)) [0293.667] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0293.667] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0293.667] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0293.667] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0293.667] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0293.667] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0293.667] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0293.667] CloseHandle (hObject=0x404) returned 1 [0293.667] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-shm]omgp:[kHM+&pm|2wIa&}!aAQk№W%C\"=Jp><#Qndo\"$№SH-=\"B|o]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0293.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-shm]omgp:[kHM+&pm|2wIa&}!aAQk№W%C\"=Jp><#Qndo\"$№SH-=\"B|o]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0293.668] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-shm]omgp:[kHM+&pm|2wIa&}!aAQk№W%C\"=Jp><#Qndo\"$№SH-=\"B|o]", cchWideChar=78, lpMultiByteStr=0x251e0e8, cbMultiByte=78, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[favicons.sqlite-shm]omgp:[kHM+&pm|2wIa&}!aAQk?W%C\"=Jp><#Qndo\"$?SH-=\"B|o]3", lpUsedDefaultChar=0x0) returned 78 [0293.675] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0293.675] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw=") returned 172 [0293.675] GetCurrentThreadId () returned 0x1130 [0293.675] GetCurrentThreadId () returned 0x1130 [0293.675] GetCurrentThreadId () returned 0x1130 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0293.676] SetLastError (dwErrCode=0x0) [0293.676] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320") returned 0x96 [0293.676] GetLastError () returned 0x0 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0293.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0293.676] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0293.676] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].wannacash ncov v310320")) returned 0x20 [0293.676] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1209].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0293.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0293.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0293.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xad84 [0293.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0293.677] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0293.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0293.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0293.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0293.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3") returned 197 [0293.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0293.678] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3") returned 197 [0293.678] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xad84 [0293.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0293.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:XmkDvLUpn47XlRk4CjQ0uC1VNO6ZsmJGKt3iQLYbtNCMkHnQhrctR+zk7HsWeFN7GAguMEgBrOp7RqZWMyxY3ilxx9J7OFJ9kAvfne5/V8J9hXDm1+84/PQrYxq9fYIGBkpYLCLVuh9Ke1eCpd2/XeWcAPfwlNQmcwvn07mXGRw= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0293.678] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0293.678] CloseHandle (hObject=0x404) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.678] SetLastError (dwErrCode=0x0) [0293.678] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", lpFilePart=0x19fa34*="favicons.sqlite-shm") returned 0x5d [0293.678] GetLastError () returned 0x0 [0293.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=8) returned 1 [0293.679] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm", cchCount2=4) returned 1 [0293.679] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0293.679] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-shm")) returned 0 [0293.679] GetLastError () returned 0x2 [0293.679] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-shm" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-shm")) returned 0xffffffff [0293.679] SetLastError (dwErrCode=0x2) [0293.679] GetLastError () returned 0x2 [0293.679] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0293.679] LocalFree (hMem=0x92fe20) returned 0x0 [0293.679] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0293.680] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0293.680] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-wal")) returned 0x20 [0293.680] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38858620386) returned 1 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0293.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0293.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~", cchWideChar=36, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="/g-t{QyFoC47<~Rd&a{)vâ\x84\x96a|FnO5SX%1Vâ\x84\x96W~", lpUsedDefaultChar=0x0) returned 40 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] GetCurrentThreadId () returned 0x1130 [0293.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-wal"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0293.681] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0293.681] GetCurrentThreadId () returned 0x1130 [0293.681] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] GetCurrentThreadId () returned 0x1130 [0293.682] malloc (_Size=0x64) returned 0x1d1338 [0293.684] GetCurrentThreadId () returned 0x1130 [0293.690] GetCurrentThreadId () returned 0x1130 [0293.690] GetCurrentThreadId () returned 0x1130 [0293.692] GetCurrentThreadId () returned 0x1130 [0293.692] GetCurrentThreadId () returned 0x1130 [0293.692] GetCurrentThreadId () returned 0x1130 [0293.692] free (_Block=0x1d1338) [0293.692] malloc (_Size=0x60) returned 0x1d1338 [0293.692] free (_Block=0x1d1338) [0293.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x901d0 [0293.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.692] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fe10000 [0293.708] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.708] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x901d0 [0293.708] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0293.708] ReadFile (in: hFile=0x404, lpBuffer=0x7fe10018, nNumberOfBytesToRead=0x901d0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x7fe10018*, lpNumberOfBytesRead=0x19fbc8*=0x901d0, lpOverlapped=0x0) returned 1 [0293.826] malloc (_Size=0x8c) returned 0x1d1338 [0293.826] malloc (_Size=0xfc) returned 0x31d75d0 [0293.826] VirtualAlloc (lpAddress=0x0, dwSize=0xa0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fd70000 [0293.837] malloc (_Size=0x40) returned 0x1d14e8 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] malloc (_Size=0xa5c) returned 0x31e40b0 [0293.838] malloc (_Size=0x40) returned 0x1d7470 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] GetCurrentThreadId () returned 0x1130 [0293.838] malloc (_Size=0xc) returned 0x31e1df0 [0293.838] malloc (_Size=0x720) returned 0x31d2860 [0293.838] malloc (_Size=0xe3c) returned 0x1d9aa8 [0293.838] free (_Block=0x31d2860) [0293.839] malloc (_Size=0x15ac) returned 0x1da8f0 [0293.839] free (_Block=0x1d9aa8) [0293.839] malloc (_Size=0x23e4) returned 0x1dbea8 [0293.839] free (_Block=0x1da8f0) [0293.839] malloc (_Size=0x3274) returned 0x3a60048 [0293.839] free (_Block=0x1dbea8) [0293.839] malloc (_Size=0x4820) returned 0x1d9aa8 [0293.839] free (_Block=0x3a60048) [0293.839] malloc (_Size=0x64e4) returned 0x3a60048 [0293.839] free (_Block=0x1d9aa8) [0293.839] malloc (_Size=0x8920) returned 0x3a66538 [0293.839] free (_Block=0x3a60048) [0293.839] malloc (_Size=0xbb90) returned 0x3a6ee60 [0293.839] free (_Block=0x3a66538) [0293.839] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0293.839] free (_Block=0x3a6ee60) [0293.839] malloc (_Size=0x1533c) returned 0x3a60048 [0293.840] free (_Block=0x3a7a9f8) [0293.840] malloc (_Size=0x1c704) returned 0x3a75390 [0293.840] free (_Block=0x3a60048) [0293.840] malloc (_Size=0x265c8) returned 0x3a91aa0 [0293.840] free (_Block=0x3a75390) [0293.840] malloc (_Size=0x33758) returned 0x31e4b18 [0293.854] free (_Block=0x3a91aa0) [0293.856] malloc (_Size=0x45104) returned 0x3a60048 [0293.858] free (_Block=0x31e4b18) [0293.859] malloc (_Size=0x5c874) returned 0x31e4b18 [0293.861] free (_Block=0x3a60048) [0293.862] malloc (_Size=0x7bac8) returned 0x3a60048 [0293.863] free (_Block=0x31e4b18) [0293.867] malloc (_Size=0xa5358) returned 0xa05020 [0293.879] free (_Block=0x3a60048) [0293.881] malloc (_Size=0xdcbac) returned 0x2d1f020 [0293.937] free (_Block=0xa05020) [0293.942] VirtualAlloc (lpAddress=0x0, dwSize=0xd0000, flAllocationType=0x101000, flProtect=0x4) returned 0x7fca0000 [0293.957] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] free (_Block=0x31e40b0) [0293.958] free (_Block=0x1d14e8) [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.958] GetCurrentThreadId () returned 0x1130 [0293.959] GetCurrentThreadId () returned 0x1130 [0293.959] GetCurrentThreadId () returned 0x1130 [0293.959] GetCurrentThreadId () returned 0x1130 [0293.960] free (_Block=0x2d1f020) [0293.964] free (_Block=0x31e1df0) [0293.964] free (_Block=0x1d7470) [0293.964] WriteFile (in: hFile=0x2b4, lpBuffer=0x7fca0018*, nNumberOfBytesToWrite=0xc32a3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x7fca0018*, lpNumberOfBytesWritten=0x19fbbc*=0xc32a3, lpOverlapped=0x0) returned 1 [0293.975] free (_Block=0x31d75d0) [0293.975] free (_Block=0x1d1338) [0293.976] VirtualFree (lpAddress=0x7fca0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0293.979] VirtualFree (lpAddress=0x7fd70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0293.983] VirtualFree (lpAddress=0x7fe10000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0293.984] CloseHandle (hObject=0x2b4) returned 1 [0293.984] CloseHandle (hObject=0x404) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0293.984] SetLastError (dwErrCode=0x0) [0293.984] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", lpFilePart=0x19f9f8*="favicons.sqlite-wal") returned 0x5d [0293.984] GetLastError () returned 0x0 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0293.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0293.984] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0293.984] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-wal")) returned 1 [0293.991] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0x9, wMilliseconds=0x3b8)) [0293.991] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0293.991] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0293.991] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0293.991] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0293.991] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0293.991] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0293.991] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0293.992] CloseHandle (hObject=0x404) returned 1 [0293.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-wal]omgp:[/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0293.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-wal]omgp:[/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~]", cchWideChar=69, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 69 [0293.992] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[favicons.sqlite-wal]omgp:[/g-t{QyFoC47<~Rd&a{)v№a|FnO5SX%1V№W~]", cchWideChar=69, lpMultiByteStr=0x252c708, cbMultiByte=69, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[favicons.sqlite-wal]omgp:[/g-t{QyFoC47<~Rd&a{)v?a|FnO5SX%1V?W~]", lpUsedDefaultChar=0x0) returned 69 [0294.010] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0294.010] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA=") returned 172 [0294.010] GetCurrentThreadId () returned 0x1130 [0294.010] GetCurrentThreadId () returned 0x1130 [0294.010] GetCurrentThreadId () returned 0x1130 [0294.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0294.010] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0294.011] SetLastError (dwErrCode=0x0) [0294.011] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320") returned 0x96 [0294.011] GetLastError () returned 0x0 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0294.011] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0294.011] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0294.011] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].wannacash ncov v310320")) returned 0x20 [0294.011] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1210].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0294.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0294.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0294.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc32a3 [0294.012] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0294.012] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0294.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.012] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0294.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.012] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0294.012] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0294.012] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3") returned 197 [0294.012] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0294.012] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3") returned 197 [0294.012] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc32a3 [0294.014] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.014] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0294.014] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:IZbYWGusL8B1Ip2okgiRdA5tAXsMahhjaxbl1YzGruNjIF+WxeQESgLc5lSd1IPqTBR2tKzDxAEaXMtYIf0MWvsFfxFUfRKx/wsLhLu3RrAzBn7XDptuM6sJo8ca2nblmeFaWNrlJZepMlIcEV3n/lOsy0KRcP+V7N+/MXoO4zA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0294.014] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0294.014] CloseHandle (hObject=0x404) returned 1 [0294.014] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0294.015] SetLastError (dwErrCode=0x0) [0294.015] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", lpFilePart=0x19fa34*="favicons.sqlite-wal") returned 0x5d [0294.015] GetLastError () returned 0x0 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=8) returned 1 [0294.015] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal", cchCount2=4) returned 1 [0294.015] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0294.015] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-wal")) returned 0 [0294.015] GetLastError () returned 0x2 [0294.015] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\favicons.sqlite-wal" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\favicons.sqlite-wal")) returned 0xffffffff [0294.015] SetLastError (dwErrCode=0x2) [0294.015] GetLastError () returned 0x2 [0294.015] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0294.015] LocalFree (hMem=0x92fe20) returned 0x0 [0294.015] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0294.016] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0294.016] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\gmp-widevinecdm\\1.4.8.903\\LICENSE.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\gmp-widevinecdm\\1.4.8.903\\license.txt")) returned 0x20 [0294.017] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38892283040) returned 1 [0294.017] GetCurrentThreadId () returned 0x1130 [0294.017] GetCurrentThreadId () returned 0x1130 [0294.017] GetCurrentThreadId () returned 0x1130 [0294.017] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aPG`.rw№8aq3A?v`", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0294.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№yr$}Z\"D=)\\(@,J>aPG`.rw№8aq3A?v`", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0294.037] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="№yr$}Z\"D=)\\(@,J>aPG`.rw№8aq3A?v`", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="â\x84\x96yr$}Z\"D=)\\(@,J>aPG`.rwâ\x84\x968aq3A?v`\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0294.037] GetCurrentThreadId () returned 0x1130 [0294.037] GetCurrentThreadId () returned 0x1130 [0294.037] GetCurrentThreadId () returned 0x1130 [0294.037] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\pluginreg.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0294.037] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] GetCurrentThreadId () returned 0x1130 [0294.038] malloc (_Size=0x64) returned 0x1d1338 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] GetCurrentThreadId () returned 0x1130 [0294.039] free (_Block=0x1d1338) [0294.039] malloc (_Size=0x60) returned 0x1d1338 [0294.039] free (_Block=0x1d1338) [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x260 [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x260 [0294.039] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0294.039] ReadFile (in: hFile=0x404, lpBuffer=0x2413fd8, nNumberOfBytesToRead=0x260, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x2413fd8*, lpNumberOfBytesRead=0x19fbc8*=0x260, lpOverlapped=0x0) returned 1 [0295.036] malloc (_Size=0x8c) returned 0x1d1338 [0295.037] malloc (_Size=0xfc) returned 0x31d74c8 [0295.037] malloc (_Size=0x40) returned 0x1d14e8 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.037] malloc (_Size=0x40) returned 0x1d7470 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.037] GetCurrentThreadId () returned 0x1130 [0295.038] malloc (_Size=0xc) returned 0x31e1ca0 [0295.038] malloc (_Size=0x468) returned 0x31e4b18 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] free (_Block=0x31e40b0) [0295.038] free (_Block=0x1d14e8) [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.038] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] GetCurrentThreadId () returned 0x1130 [0295.039] free (_Block=0x31e4b18) [0295.039] free (_Block=0x31e1ca0) [0295.039] free (_Block=0x1d7470) [0295.039] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be5f8*, nNumberOfBytesToWrite=0x366, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be5f8*, lpNumberOfBytesWritten=0x19fbbc*=0x366, lpOverlapped=0x0) returned 1 [0295.040] free (_Block=0x31d74c8) [0295.040] free (_Block=0x1d1338) [0295.040] CloseHandle (hObject=0x2b4) returned 1 [0295.040] CloseHandle (hObject=0x404) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.040] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.041] SetLastError (dwErrCode=0x0) [0295.041] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", lpFilePart=0x19f9f8*="pluginreg.dat") returned 0x57 [0295.041] GetLastError () returned 0x0 [0295.041] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.041] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.041] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.041] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.041] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.041] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\pluginreg.dat")) returned 1 [0295.043] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xa, wMilliseconds=0x3e7)) [0295.043] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.043] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.043] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.043] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.043] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.043] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.043] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.043] CloseHandle (hObject=0x404) returned 1 [0295.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[pluginreg.dat]omgp:[№yr$}Z\"D=)\\(@,J>aPG`.rw№8aq3A?v`]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0295.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[pluginreg.dat]omgp:[№yr$}Z\"D=)\\(@,J>aPG`.rw№8aq3A?v`]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0295.043] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[pluginreg.dat]omgp:[№yr$}Z\"D=)\\(@,J>aPG`.rw№8aq3A?v`]", cchWideChar=59, lpMultiByteStr=0x2516968, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[pluginreg.dat]omgp:[?yr$}Z\"D=)\\(@,J>aPG`.rw?8aq3A?v`]", lpUsedDefaultChar=0x0) returned 59 [0295.060] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.061] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs=") returned 172 [0295.061] GetCurrentThreadId () returned 0x1130 [0295.061] GetCurrentThreadId () returned 0x1130 [0295.061] GetCurrentThreadId () returned 0x1130 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.061] SetLastError (dwErrCode=0x0) [0295.061] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320") returned 0x96 [0295.061] GetLastError () returned 0x0 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.061] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.061] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.061] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].wannacash ncov v310320")) returned 0x20 [0295.061] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1212].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.062] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.062] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.062] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x366 [0295.062] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.062] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.062] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.062] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3") returned 197 [0295.062] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.062] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3") returned 197 [0295.062] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x366 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.062] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:iuF9Ea6nO4ytE7MhOtBdzc752oIZ/QCt48BqSy5Sel7fx5yMHUF121MxCkVEjg5py/ub626wZ8j9D0hsAABE+728bQ2DXTjS0m5VcVi+nphiJdi2EmWopkB6CFthDJ5JOLCMcwNiAE40yIs09/nJxAC0VpsMyXVSLV4L2DAA6gs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.062] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.062] CloseHandle (hObject=0x404) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.063] SetLastError (dwErrCode=0x0) [0295.063] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", lpFilePart=0x19fa34*="pluginreg.dat") returned 0x57 [0295.063] GetLastError () returned 0x0 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=8) returned 1 [0295.063] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat", cchCount2=4) returned 1 [0295.063] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.063] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\pluginreg.dat")) returned 0 [0295.063] GetLastError () returned 0x2 [0295.063] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\pluginreg.dat" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\pluginreg.dat")) returned 0xffffffff [0295.063] SetLastError (dwErrCode=0x2) [0295.063] GetLastError () returned 0x2 [0295.063] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.063] LocalFree (hMem=0x92fe20) returned 0x0 [0295.063] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.064] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.064] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\prefs.js")) returned 0x20 [0295.064] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=38997041954) returned 1 [0295.064] GetCurrentThreadId () returned 0x1130 [0295.064] GetCurrentThreadId () returned 0x1130 [0295.064] GetCurrentThreadId () returned 0x1130 [0295.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9!HM}wP#;!7(4№IDIG~jkqt#?1№<", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.064] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9!HM}wP#;!7(4№IDIG~jkqt#?1№<", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.065] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="9!HM}wP#;!7(4№IDIG~jkqt#?1№<", cchWideChar=28, lpMultiByteStr=0x250f7e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="9!HM}wP#;!7(4â\x84\x96IDIG~jkqt#?1â\x84\x96<", lpUsedDefaultChar=0x0) returned 32 [0295.065] GetCurrentThreadId () returned 0x1130 [0295.065] GetCurrentThreadId () returned 0x1130 [0295.065] GetCurrentThreadId () returned 0x1130 [0295.065] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\prefs.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.065] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] malloc (_Size=0x64) returned 0x1d1338 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.066] GetCurrentThreadId () returned 0x1130 [0295.067] GetCurrentThreadId () returned 0x1130 [0295.067] GetCurrentThreadId () returned 0x1130 [0295.067] GetCurrentThreadId () returned 0x1130 [0295.067] free (_Block=0x1d1338) [0295.067] malloc (_Size=0x60) returned 0x1d1338 [0295.067] free (_Block=0x1d1338) [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2120 [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x2120 [0295.067] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.067] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x2120, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x2120, lpOverlapped=0x0) returned 1 [0295.125] malloc (_Size=0x8c) returned 0x1d1338 [0295.125] malloc (_Size=0xfc) returned 0x31d7e10 [0295.125] malloc (_Size=0x40) returned 0x1d14e8 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.125] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.126] malloc (_Size=0x40) returned 0x1d7470 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] GetCurrentThreadId () returned 0x1130 [0295.126] malloc (_Size=0xc) returned 0x31e1e80 [0295.126] malloc (_Size=0x720) returned 0x31d2860 [0295.126] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.127] free (_Block=0x31d2860) [0295.127] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.127] free (_Block=0x1d9aa8) [0295.127] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.127] free (_Block=0x1da8f0) [0295.127] malloc (_Size=0x3274) returned 0x3a60048 [0295.127] free (_Block=0x1dbea8) [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.128] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] free (_Block=0x31e40b0) [0295.129] free (_Block=0x1d14e8) [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] GetCurrentThreadId () returned 0x1130 [0295.129] free (_Block=0x3a60048) [0295.130] free (_Block=0x31e1e80) [0295.130] free (_Block=0x1d7470) [0295.130] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bab08*, nNumberOfBytesToWrite=0x2d0a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bab08*, lpNumberOfBytesWritten=0x19fbbc*=0x2d0a, lpOverlapped=0x0) returned 1 [0295.131] free (_Block=0x31d7e10) [0295.131] free (_Block=0x1d1338) [0295.131] CloseHandle (hObject=0x2b4) returned 1 [0295.132] CloseHandle (hObject=0x404) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.132] SetLastError (dwErrCode=0x0) [0295.132] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", lpFilePart=0x19f9f8*="prefs.js") returned 0x52 [0295.132] GetLastError () returned 0x0 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.132] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.132] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.132] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\prefs.js")) returned 1 [0295.134] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x5c)) [0295.134] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.134] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.135] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.135] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.135] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.135] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.135] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.136] CloseHandle (hObject=0x404) returned 1 [0295.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[prefs.js]omgp:[9!HM}wP#;!7(4№IDIG~jkqt#?1№<]", cchWideChar=50, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0295.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[prefs.js]omgp:[9!HM}wP#;!7(4№IDIG~jkqt#?1№<]", cchWideChar=50, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0295.136] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[prefs.js]omgp:[9!HM}wP#;!7(4№IDIG~jkqt#?1№<]", cchWideChar=50, lpMultiByteStr=0x2533798, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[prefs.js]omgp:[9!HM}wP#;!7(4?IDIG~jkqt#?1?<]", lpUsedDefaultChar=0x0) returned 50 [0295.145] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.145] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e73c, cchWideChar=172 | out: lpWideCharStr="924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU=") returned 172 [0295.145] GetCurrentThreadId () returned 0x1130 [0295.145] GetCurrentThreadId () returned 0x1130 [0295.145] GetCurrentThreadId () returned 0x1130 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.145] SetLastError (dwErrCode=0x0) [0295.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320") returned 0x96 [0295.145] GetLastError () returned 0x0 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.145] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.145] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.146] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].wannacash ncov v310320")) returned 0x20 [0295.146] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1213].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2d0a [0295.146] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.146] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.146] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.147] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.147] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3") returned 197 [0295.147] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.147] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3") returned 197 [0295.147] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2d0a [0295.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.147] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:924cVgEv6Ma2p8YCIm6hkRmATDeCw6/0zenZFuyv6WAPPw3wqrY1sPVVpL7alceYvsae3wTGhKR/cXVp75AjW/nyptNJpQdJlARerN2fLpGawWo3PxN5CHpHCcfpH5jq1pHahd6qcj80Hb+vRB7iWnXAGAP8gfCHaHDASOxM+WU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.147] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.147] CloseHandle (hObject=0x404) returned 1 [0295.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.147] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.148] SetLastError (dwErrCode=0x0) [0295.148] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", lpFilePart=0x19fa34*="prefs.js") returned 0x52 [0295.148] GetLastError () returned 0x0 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=8) returned 1 [0295.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js", cchCount2=4) returned 1 [0295.148] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.148] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\prefs.js")) returned 0 [0295.148] GetLastError () returned 0x2 [0295.148] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\prefs.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\prefs.js")) returned 0xffffffff [0295.148] SetLastError (dwErrCode=0x2) [0295.148] GetLastError () returned 0x2 [0295.148] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.149] LocalFree (hMem=0x92fe20) returned 0x0 [0295.149] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.149] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.149] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\revocations.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\revocations.txt")) returned 0x20 [0295.150] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39005611034) returned 1 [0295.150] GetCurrentThreadId () returned 0x1130 [0295.150] GetCurrentThreadId () returned 0x1130 [0295.150] GetCurrentThreadId () returned 0x1130 [0295.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="?Y:№N9eAw$a>_Q9_J6wX!`9$sW2u\"au78J>pFpFpFpFpFpFpFpFNL\\", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0295.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0295.291] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\", cchWideChar=47, lpMultiByteStr=0x2533798, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\", lpUsedDefaultChar=0x0) returned 47 [0295.291] GetCurrentThreadId () returned 0x1130 [0295.291] GetCurrentThreadId () returned 0x1130 [0295.291] GetCurrentThreadId () returned 0x1130 [0295.291] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\sessionstore.js"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.291] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.292] GetCurrentThreadId () returned 0x1130 [0295.293] malloc (_Size=0x64) returned 0x1d1338 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] GetCurrentThreadId () returned 0x1130 [0295.293] free (_Block=0x1d1338) [0295.293] malloc (_Size=0x60) returned 0x1d1338 [0295.293] free (_Block=0x1d1338) [0295.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.293] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x408 [0295.294] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.294] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.294] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x408 [0295.294] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.294] ReadFile (in: hFile=0x404, lpBuffer=0x39b67c8, nNumberOfBytesToRead=0x408, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67c8*, lpNumberOfBytesRead=0x19fbc8*=0x408, lpOverlapped=0x0) returned 1 [0295.296] malloc (_Size=0x8c) returned 0x1d1338 [0295.296] malloc (_Size=0xfc) returned 0x31d73c0 [0295.296] malloc (_Size=0x40) returned 0x1d14e8 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.296] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.297] malloc (_Size=0x40) returned 0x1d7470 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] malloc (_Size=0xc) returned 0x31e1ec8 [0295.297] malloc (_Size=0x720) returned 0x31d2860 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.297] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] free (_Block=0x31e40b0) [0295.298] free (_Block=0x1d14e8) [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.298] GetCurrentThreadId () returned 0x1130 [0295.299] GetCurrentThreadId () returned 0x1130 [0295.299] GetCurrentThreadId () returned 0x1130 [0295.299] GetCurrentThreadId () returned 0x1130 [0295.299] GetCurrentThreadId () returned 0x1130 [0295.299] free (_Block=0x31d2860) [0295.299] free (_Block=0x31e1ec8) [0295.299] free (_Block=0x1d7470) [0295.299] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d0628*, nNumberOfBytesToWrite=0x596, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d0628*, lpNumberOfBytesWritten=0x19fbbc*=0x596, lpOverlapped=0x0) returned 1 [0295.300] free (_Block=0x31d73c0) [0295.300] free (_Block=0x1d1338) [0295.300] CloseHandle (hObject=0x2b4) returned 1 [0295.301] CloseHandle (hObject=0x404) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.301] SetLastError (dwErrCode=0x0) [0295.301] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", lpFilePart=0x19f9f8*="sessionstore.js") returned 0x59 [0295.301] GetLastError () returned 0x0 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.301] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.301] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.302] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\sessionstore.js")) returned 1 [0295.303] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x108)) [0295.303] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.303] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.304] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.304] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.304] CloseHandle (hObject=0x404) returned 1 [0295.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sessionstore.js]omgp:[\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0295.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sessionstore.js]omgp:[\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0295.304] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[sessionstore.js]omgp:[\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\]", cchWideChar=76, lpMultiByteStr=0x252c708, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[sessionstore.js]omgp:[\"sr)ZLJ|wLWL1\\9*ZxEd2IO.=o`)H~\";s,s72$\\U/yu>NL\\]±ÇR\x02\x01", lpUsedDefaultChar=0x0) returned 76 [0295.313] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.313] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo=") returned 172 [0295.313] GetCurrentThreadId () returned 0x1130 [0295.314] GetCurrentThreadId () returned 0x1130 [0295.314] GetCurrentThreadId () returned 0x1130 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.314] SetLastError (dwErrCode=0x0) [0295.314] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320") returned 0x96 [0295.314] GetLastError () returned 0x0 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.314] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.314] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.314] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].wannacash ncov v310320")) returned 0x20 [0295.315] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1217].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x596 [0295.315] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.315] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.315] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.315] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.315] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.315] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3") returned 197 [0295.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.316] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3") returned 197 [0295.316] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x596 [0295.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.316] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Puqm4cB+UOOAlj/7dH5j/XlYB9jHhDnLHQI1OyoJHz2YqtdU+IK+eVb6bxMbSPgArpshVTSIzbGBLhmQpd58qFPkYk/Dx+casTHjFb8xOn7hLOPiqFM7Hk9buUhn9zbKf1ifA7WSe6CI6Axsun3cK13MMUvrt2i0do217sY5pzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.316] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.316] CloseHandle (hObject=0x404) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.316] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.316] SetLastError (dwErrCode=0x0) [0295.316] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", lpFilePart=0x19fa34*="sessionstore.js") returned 0x59 [0295.317] GetLastError () returned 0x0 [0295.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=8) returned 1 [0295.317] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js", cchCount2=4) returned 1 [0295.317] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default")) returned 0x10 [0295.317] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\sessionstore.js")) returned 0 [0295.317] GetLastError () returned 0x2 [0295.317] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\sessionstore.js" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\sessionstore.js")) returned 0xffffffff [0295.317] SetLastError (dwErrCode=0x2) [0295.317] GetLastError () returned 0x2 [0295.317] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.317] LocalFree (hMem=0x92fe20) returned 0x0 [0295.317] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.318] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.318] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\w7cr0hor.default\\SiteSecurityServiceState.txt" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\mozilla\\firefox\\profiles\\w7cr0hor.default\\sitesecurityservicestate.txt")) returned 0x20 [0295.318] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39022430292) returned 1 [0295.318] GetCurrentThreadId () returned 0x1130 [0295.318] GetCurrentThreadId () returned 0x1130 [0295.318] GetCurrentThreadId () returned 0x1130 [0295.318] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="UUJ8rzMv>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0295.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0295.480] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK", cchWideChar=44, lpMultiByteStr=0x2524fd0, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TKqPR\x02\x01", lpUsedDefaultChar=0x0) returned 44 [0295.480] GetCurrentThreadId () returned 0x1130 [0295.480] GetCurrentThreadId () returned 0x1130 [0295.480] GetCurrentThreadId () returned 0x1130 [0295.480] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pnfe_guarjwm1f-.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.481] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] GetCurrentThreadId () returned 0x1130 [0295.509] malloc (_Size=0x64) returned 0x1d1338 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] GetCurrentThreadId () returned 0x1130 [0295.510] free (_Block=0x1d1338) [0295.510] malloc (_Size=0x60) returned 0x1d1338 [0295.510] free (_Block=0x1d1338) [0295.510] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.510] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd843 [0295.510] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.510] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.511] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xd843 [0295.511] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.511] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xd843, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xd843, lpOverlapped=0x0) returned 1 [0295.512] malloc (_Size=0x8c) returned 0x1d1338 [0295.512] malloc (_Size=0xfc) returned 0x31d7af8 [0295.512] malloc (_Size=0x40) returned 0x1d14e8 [0295.512] GetCurrentThreadId () returned 0x1130 [0295.512] GetCurrentThreadId () returned 0x1130 [0295.512] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.513] malloc (_Size=0x40) returned 0x1d7470 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] GetCurrentThreadId () returned 0x1130 [0295.513] malloc (_Size=0xc) returned 0x31e1e20 [0295.514] malloc (_Size=0x720) returned 0x31d2860 [0295.514] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.514] free (_Block=0x31d2860) [0295.514] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.514] free (_Block=0x1d9aa8) [0295.514] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.514] free (_Block=0x1da8f0) [0295.514] malloc (_Size=0x3274) returned 0x3a60048 [0295.514] free (_Block=0x1dbea8) [0295.515] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.515] free (_Block=0x3a60048) [0295.515] malloc (_Size=0x64e4) returned 0x3a60048 [0295.515] free (_Block=0x1d9aa8) [0295.515] malloc (_Size=0x8920) returned 0x3a66538 [0295.515] free (_Block=0x3a60048) [0295.515] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.516] free (_Block=0x3a66538) [0295.516] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.517] free (_Block=0x3a6ee60) [0295.517] malloc (_Size=0x1533c) returned 0x3a60048 [0295.519] free (_Block=0x3a7a9f8) [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.519] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] free (_Block=0x31e40b0) [0295.520] free (_Block=0x1d14e8) [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.520] GetCurrentThreadId () returned 0x1130 [0295.521] free (_Block=0x3a60048) [0295.521] free (_Block=0x31e1e20) [0295.521] free (_Block=0x1d7470) [0295.521] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d1a08*, nNumberOfBytesToWrite=0x12502, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d1a08*, lpNumberOfBytesWritten=0x19fbbc*=0x12502, lpOverlapped=0x0) returned 1 [0295.523] free (_Block=0x31d7af8) [0295.523] free (_Block=0x1d1338) [0295.523] CloseHandle (hObject=0x2b4) returned 1 [0295.524] CloseHandle (hObject=0x404) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.524] SetLastError (dwErrCode=0x0) [0295.524] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", lpFilePart=0x19f9f8*="PNfE_guArjwm1f-.flv") returned 0x33 [0295.524] GetLastError () returned 0x0 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.524] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.524] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.524] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pnfe_guarjwm1f-.flv")) returned 1 [0295.529] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x1f2)) [0295.529] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.529] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.529] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.530] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.530] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.530] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.530] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.530] CloseHandle (hObject=0x404) returned 1 [0295.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PNfE_guArjwm1f-.flv]omgp:[@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0295.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PNfE_guArjwm1f-.flv]omgp:[@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0295.530] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PNfE_guArjwm1f-.flv]omgp:[@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK]", cchWideChar=77, lpMultiByteStr=0x251e1a8, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[PNfE_guArjwm1f-.flv]omgp:[@*9m1H>4l`Fr)Xe>PVH6%B$&SC5{xYm8Xu41$dWe8(TK]", lpUsedDefaultChar=0x0) returned 77 [0295.538] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.538] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc=") returned 172 [0295.538] GetCurrentThreadId () returned 0x1130 [0295.538] GetCurrentThreadId () returned 0x1130 [0295.538] GetCurrentThreadId () returned 0x1130 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.538] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.538] SetLastError (dwErrCode=0x0) [0295.538] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320") returned 0x6c [0295.538] GetLastError () returned 0x0 [0295.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.539] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.539] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.539] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].wannacash ncov v310320")) returned 0x20 [0295.539] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1222].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.539] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.539] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.539] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x12502 [0295.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.540] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.540] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.540] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3") returned 197 [0295.540] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.540] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3") returned 197 [0295.540] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x12502 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.540] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:zekqfTYZ1y5++cDJisz02SZ6kHdjT2C4DJKy/Lmq73/B6KFCBMegJHiac4ypXcO42RUym1MLanjK5T2W+kiXSN7IpquH9ap57QJzEurJiqBEAlCFQrTQqr91e54uMbwVoxTyO22R0qPU/x0af08OToyHi9+TufbEz/RUoZCUQmc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.540] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.541] CloseHandle (hObject=0x404) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.541] SetLastError (dwErrCode=0x0) [0295.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", lpFilePart=0x19fa34*="PNfE_guArjwm1f-.flv") returned 0x33 [0295.541] GetLastError () returned 0x0 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=8) returned 1 [0295.541] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv", cchCount2=4) returned 1 [0295.541] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.541] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pnfe_guarjwm1f-.flv")) returned 0 [0295.542] GetLastError () returned 0x2 [0295.542] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PNfE_guArjwm1f-.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pnfe_guarjwm1f-.flv")) returned 0xffffffff [0295.542] SetLastError (dwErrCode=0x2) [0295.542] GetLastError () returned 0x2 [0295.542] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.542] LocalFree (hMem=0x92fe20) returned 0x0 [0295.542] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.542] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.542] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pqzybeoh06_pjwfxkj.flv")) returned 0x20 [0295.542] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39044867155) returned 1 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0295.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0295.543] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y", cchWideChar=44, lpMultiByteStr=0x2533798, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@Eâ\x84\x96s+6I=Y3ItnL=y", lpUsedDefaultChar=0x0) returned 46 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] GetCurrentThreadId () returned 0x1130 [0295.543] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pqzybeoh06_pjwfxkj.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.543] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.545] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] malloc (_Size=0x64) returned 0x1d1338 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] GetCurrentThreadId () returned 0x1130 [0295.546] free (_Block=0x1d1338) [0295.546] malloc (_Size=0x60) returned 0x1d1338 [0295.546] free (_Block=0x1d1338) [0295.546] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4139 [0295.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x4139 [0295.547] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.547] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x4139, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x4139, lpOverlapped=0x0) returned 1 [0295.548] malloc (_Size=0x8c) returned 0x1d1338 [0295.548] malloc (_Size=0xfc) returned 0x31d77e0 [0295.548] malloc (_Size=0x40) returned 0x1d14e8 [0295.548] GetCurrentThreadId () returned 0x1130 [0295.548] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.549] malloc (_Size=0x40) returned 0x1d7470 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.549] GetCurrentThreadId () returned 0x1130 [0295.550] malloc (_Size=0xc) returned 0x31e1d18 [0295.550] malloc (_Size=0x720) returned 0x31d2860 [0295.550] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.550] free (_Block=0x31d2860) [0295.550] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.550] free (_Block=0x1d9aa8) [0295.551] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.551] free (_Block=0x1da8f0) [0295.551] malloc (_Size=0x3274) returned 0x3a60048 [0295.551] free (_Block=0x1dbea8) [0295.551] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.551] free (_Block=0x3a60048) [0295.551] malloc (_Size=0x64e4) returned 0x3a60048 [0295.552] free (_Block=0x1d9aa8) [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.552] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] free (_Block=0x31e40b0) [0295.553] free (_Block=0x1d14e8) [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] GetCurrentThreadId () returned 0x1130 [0295.553] free (_Block=0x3a60048) [0295.554] free (_Block=0x31e1d18) [0295.554] free (_Block=0x1d7470) [0295.554] WriteFile (in: hFile=0x2b4, lpBuffer=0x39bec08*, nNumberOfBytesToWrite=0x5875, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39bec08*, lpNumberOfBytesWritten=0x19fbbc*=0x5875, lpOverlapped=0x0) returned 1 [0295.555] free (_Block=0x31d77e0) [0295.555] free (_Block=0x1d1338) [0295.555] CloseHandle (hObject=0x2b4) returned 1 [0295.555] CloseHandle (hObject=0x404) returned 1 [0295.555] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.556] SetLastError (dwErrCode=0x0) [0295.556] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", lpFilePart=0x19f9f8*="PQZyBeOH06_PjWFxKj.flv") returned 0x36 [0295.556] GetLastError () returned 0x0 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.556] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.556] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.556] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pqzybeoh06_pjwfxkj.flv")) returned 1 [0295.562] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x212)) [0295.562] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.562] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.563] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.563] CloseHandle (hObject=0x404) returned 1 [0295.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PQZyBeOH06_PjWFxKj.flv]omgp:[MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y]", cchWideChar=80, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0295.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PQZyBeOH06_PjWFxKj.flv]omgp:[MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y]", cchWideChar=80, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 80 [0295.563] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[PQZyBeOH06_PjWFxKj.flv]omgp:[MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E№s+6I=Y3ItnL=y]", cchWideChar=80, lpMultiByteStr=0x251e0e8, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[PQZyBeOH06_PjWFxKj.flv]omgp:[MW\"X#eriW(\\jt%U4I~%R>`YG5/ca@E?s+6I=Y3ItnL=y]", lpUsedDefaultChar=0x0) returned 80 [0295.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.571] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho=") returned 172 [0295.571] GetCurrentThreadId () returned 0x1130 [0295.571] GetCurrentThreadId () returned 0x1130 [0295.571] GetCurrentThreadId () returned 0x1130 [0295.571] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.571] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.575] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.576] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.577] SetLastError (dwErrCode=0x0) [0295.577] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320") returned 0x6c [0295.577] GetLastError () returned 0x0 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.577] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.577] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].wannacash ncov v310320")) returned 0x20 [0295.577] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1223].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x5875 [0295.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.578] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.578] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.578] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3") returned 197 [0295.578] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.578] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3") returned 197 [0295.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x5875 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:2vRdhi+Dn8Yx8/EKanqTlCglEEQz9HZhOgGaK8toz9z2PFdAmtH4VWRXGOrqTWwJktBwu7tq57oiS6+afAxNcmvFVaxLm+5iZvNwB/6XXLB33DjpITTv00cp7Xm/TgKA22PMRALg4FmcIdWmGlikW3EfBci9DMNoTGdBkhLLYho= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.578] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.579] CloseHandle (hObject=0x404) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.579] SetLastError (dwErrCode=0x0) [0295.579] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", lpFilePart=0x19fa34*="PQZyBeOH06_PjWFxKj.flv") returned 0x36 [0295.579] GetLastError () returned 0x0 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=8) returned 1 [0295.579] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv", cchCount2=4) returned 1 [0295.579] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.579] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pqzybeoh06_pjwfxkj.flv")) returned 0 [0295.580] GetLastError () returned 0x2 [0295.580] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\PQZyBeOH06_PjWFxKj.flv" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\pqzybeoh06_pjwfxkj.flv")) returned 0xffffffff [0295.580] SetLastError (dwErrCode=0x2) [0295.580] GetLastError () returned 0x2 [0295.580] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.580] LocalFree (hMem=0x92fe20) returned 0x0 [0295.580] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.580] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.580] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\qf5v9_y6a7mcs83dow m.rtf")) returned 0x20 [0295.580] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39048664941) returned 1 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".8_3.|%hYB{~J=p*i~qB3W\\}h", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0295.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".8_3.|%hYB{~J=p*i~qB3W\\}h", cchWideChar=25, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0295.581] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".8_3.|%hYB{~J=p*i~qB3W\\}h", cchWideChar=25, lpMultiByteStr=0x2508ee8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".8_3.|%hYB{~J=p*i~qB3W\\}h", lpUsedDefaultChar=0x0) returned 25 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] GetCurrentThreadId () returned 0x1130 [0295.581] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\qf5v9_y6a7mcs83dow m.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.581] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.586] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] malloc (_Size=0x64) returned 0x1d1338 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] GetCurrentThreadId () returned 0x1130 [0295.587] free (_Block=0x1d1338) [0295.587] malloc (_Size=0x60) returned 0x1d1338 [0295.587] free (_Block=0x1d1338) [0295.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1254d [0295.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x1254d [0295.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.588] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x1254d, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x1254d, lpOverlapped=0x0) returned 1 [0295.589] malloc (_Size=0x8c) returned 0x1d1338 [0295.589] malloc (_Size=0xfc) returned 0x31d71b0 [0295.590] malloc (_Size=0x40) returned 0x1d14e8 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.590] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.590] malloc (_Size=0x40) returned 0x1d7470 [0295.590] GetCurrentThreadId () returned 0x1130 [0295.591] GetCurrentThreadId () returned 0x1130 [0295.591] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] GetCurrentThreadId () returned 0x1130 [0295.592] malloc (_Size=0xc) returned 0x31e1df0 [0295.592] malloc (_Size=0x720) returned 0x31d2860 [0295.592] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.593] free (_Block=0x31d2860) [0295.593] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.593] free (_Block=0x1d9aa8) [0295.593] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.594] free (_Block=0x1da8f0) [0295.594] malloc (_Size=0x3274) returned 0x3a60048 [0295.594] free (_Block=0x1dbea8) [0295.594] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.594] free (_Block=0x3a60048) [0295.594] malloc (_Size=0x64e4) returned 0x3a60048 [0295.595] free (_Block=0x1d9aa8) [0295.595] malloc (_Size=0x8920) returned 0x3a66538 [0295.595] free (_Block=0x3a60048) [0295.595] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.596] free (_Block=0x3a66538) [0295.596] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.597] free (_Block=0x3a6ee60) [0295.597] malloc (_Size=0x1533c) returned 0x3a60048 [0295.597] free (_Block=0x3a7a9f8) [0295.597] malloc (_Size=0x1c704) returned 0x3a75390 [0295.597] free (_Block=0x3a60048) [0295.597] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] free (_Block=0x31e40b0) [0295.598] free (_Block=0x1d14e8) [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.598] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] GetCurrentThreadId () returned 0x1130 [0295.599] free (_Block=0x3a75390) [0295.599] free (_Block=0x31e1df0) [0295.599] free (_Block=0x1d7470) [0295.599] WriteFile (in: hFile=0x2b4, lpBuffer=0x39db408*, nNumberOfBytesToWrite=0x18d49, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39db408*, lpNumberOfBytesWritten=0x19fbbc*=0x18d49, lpOverlapped=0x0) returned 1 [0295.602] free (_Block=0x31d71b0) [0295.602] free (_Block=0x1d1338) [0295.602] CloseHandle (hObject=0x2b4) returned 1 [0295.602] CloseHandle (hObject=0x404) returned 1 [0295.602] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.602] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.602] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.603] SetLastError (dwErrCode=0x0) [0295.603] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", lpFilePart=0x19f9f8*="qf5v9_y6a7mcS83DOw M.rtf") returned 0x38 [0295.603] GetLastError () returned 0x0 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.603] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.603] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.603] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\qf5v9_y6a7mcs83dow m.rtf")) returned 1 [0295.611] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x240)) [0295.611] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.611] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.612] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.612] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.612] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.612] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.612] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.612] CloseHandle (hObject=0x404) returned 1 [0295.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[qf5v9_y6a7mcS83DOw M.rtf]omgp:[.8_3.|%hYB{~J=p*i~qB3W\\}h]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0295.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[qf5v9_y6a7mcS83DOw M.rtf]omgp:[.8_3.|%hYB{~J=p*i~qB3W\\}h]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0295.612] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[qf5v9_y6a7mcS83DOw M.rtf]omgp:[.8_3.|%hYB{~J=p*i~qB3W\\}h]", cchWideChar=63, lpMultiByteStr=0x2541d28, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[qf5v9_y6a7mcS83DOw M.rtf]omgp:[.8_3.|%hYB{~J=p*i~qB3W\\}h]", lpUsedDefaultChar=0x0) returned 63 [0295.620] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.620] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE=") returned 172 [0295.620] GetCurrentThreadId () returned 0x1130 [0295.620] GetCurrentThreadId () returned 0x1130 [0295.620] GetCurrentThreadId () returned 0x1130 [0295.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.621] SetLastError (dwErrCode=0x0) [0295.621] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320") returned 0x6c [0295.621] GetLastError () returned 0x0 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.621] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.621] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.621] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].wannacash ncov v310320")) returned 0x20 [0295.621] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1224].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x18d49 [0295.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.623] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.623] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.623] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3") returned 197 [0295.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.623] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3") returned 197 [0295.623] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x18d49 [0295.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.624] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:W4vmkfQoHE1kId2tP8JBNn7m+DcMGPaOas7HdCyurGd1XEucvJP0FlCinloIy0tei4uiMt8PUs3mt2s+xBLY20JDKu72pnKZ8F5awsnxUAMTywmMKm37AJlsVDIQ/GnERdpA5FV7fC8ZJp7WEf5D07GgTaP4UaIqiF0iCaHIQgE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.624] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.624] CloseHandle (hObject=0x404) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.624] SetLastError (dwErrCode=0x0) [0295.624] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", lpFilePart=0x19fa34*="qf5v9_y6a7mcS83DOw M.rtf") returned 0x38 [0295.624] GetLastError () returned 0x0 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.624] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=8) returned 1 [0295.625] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf", cchCount2=4) returned 1 [0295.625] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.625] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\qf5v9_y6a7mcs83dow m.rtf")) returned 0 [0295.625] GetLastError () returned 0x2 [0295.625] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\qf5v9_y6a7mcS83DOw M.rtf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\qf5v9_y6a7mcs83dow m.rtf")) returned 0xffffffff [0295.625] SetLastError (dwErrCode=0x2) [0295.625] GetLastError () returned 0x2 [0295.625] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.625] LocalFree (hMem=0x92fe20) returned 0x0 [0295.625] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.625] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.626] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\raj dy.swf")) returned 0x20 [0295.626] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39053182122) returned 1 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0295.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3", cchWideChar=31, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0295.626] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3", cchWideChar=31, lpMultiByteStr=0x250f7b8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3", lpUsedDefaultChar=0x0) returned 31 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] GetCurrentThreadId () returned 0x1130 [0295.626] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\raj dy.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.626] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.627] GetCurrentThreadId () returned 0x1130 [0295.628] malloc (_Size=0x64) returned 0x1d1338 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] GetCurrentThreadId () returned 0x1130 [0295.628] free (_Block=0x1d1338) [0295.628] malloc (_Size=0x60) returned 0x1d1338 [0295.628] free (_Block=0x1d1338) [0295.628] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.628] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x86e8 [0295.628] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.628] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.628] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x86e8 [0295.629] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.629] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x86e8, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x86e8, lpOverlapped=0x0) returned 1 [0295.630] malloc (_Size=0x8c) returned 0x1d1338 [0295.630] malloc (_Size=0xfc) returned 0x31d71b0 [0295.630] malloc (_Size=0x40) returned 0x1d14e8 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.630] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.630] malloc (_Size=0x40) returned 0x1d7470 [0295.630] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] GetCurrentThreadId () returned 0x1130 [0295.631] malloc (_Size=0xc) returned 0x31e1ca0 [0295.631] malloc (_Size=0x720) returned 0x31d2860 [0295.631] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.631] free (_Block=0x31d2860) [0295.631] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.631] free (_Block=0x1d9aa8) [0295.631] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.631] free (_Block=0x1da8f0) [0295.631] malloc (_Size=0x3274) returned 0x3a60048 [0295.632] free (_Block=0x1dbea8) [0295.632] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.632] free (_Block=0x3a60048) [0295.632] malloc (_Size=0x64e4) returned 0x3a60048 [0295.632] free (_Block=0x1d9aa8) [0295.632] malloc (_Size=0x8920) returned 0x3a66538 [0295.632] free (_Block=0x3a60048) [0295.632] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.632] free (_Block=0x3a66538) [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.632] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] free (_Block=0x31e40b0) [0295.633] free (_Block=0x1d14e8) [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.633] GetCurrentThreadId () returned 0x1130 [0295.634] GetCurrentThreadId () returned 0x1130 [0295.634] free (_Block=0x3a6ee60) [0295.634] free (_Block=0x31e1ca0) [0295.634] free (_Block=0x1d7470) [0295.634] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c7608*, nNumberOfBytesToWrite=0xb6d0, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c7608*, lpNumberOfBytesWritten=0x19fbbc*=0xb6d0, lpOverlapped=0x0) returned 1 [0295.636] free (_Block=0x31d71b0) [0295.636] free (_Block=0x1d1338) [0295.636] CloseHandle (hObject=0x2b4) returned 1 [0295.636] CloseHandle (hObject=0x404) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.636] SetLastError (dwErrCode=0x0) [0295.637] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", lpFilePart=0x19f9f8*="RAJ DY.swf") returned 0x2a [0295.637] GetLastError () returned 0x0 [0295.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.637] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.637] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.637] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\raj dy.swf")) returned 1 [0295.640] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x260)) [0295.640] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.640] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.640] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.641] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.641] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.641] CloseHandle (hObject=0x404) returned 1 [0295.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RAJ DY.swf]omgp:[\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0295.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RAJ DY.swf]omgp:[\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3]", cchWideChar=55, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0295.641] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RAJ DY.swf]omgp:[\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3]", cchWideChar=55, lpMultiByteStr=0x2516ad0, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RAJ DY.swf]omgp:[\"`H-6rl#8n\"6c9;t\"nB:oIR`IN767j3]", lpUsedDefaultChar=0x0) returned 55 [0295.649] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.649] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA=") returned 172 [0295.649] GetCurrentThreadId () returned 0x1130 [0295.649] GetCurrentThreadId () returned 0x1130 [0295.650] GetCurrentThreadId () returned 0x1130 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.650] SetLastError (dwErrCode=0x0) [0295.650] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320") returned 0x6c [0295.650] GetLastError () returned 0x0 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.650] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.650] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.650] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].wannacash ncov v310320")) returned 0x20 [0295.650] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1225].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xb6d0 [0295.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.651] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.651] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.651] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3") returned 197 [0295.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.651] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3") returned 197 [0295.651] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xb6d0 [0295.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.652] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:5MYMN9rkDscuic7BwAxjANsZYdMiEQZGXoTFzWQPmtpg2qFDQIedeaU4kBG4oJMeBOHqpOUvwWFyiKK/UIn87nji2xraLyyoY2jwB7upvJNx8fKs98sh8AhWy59ALtoTcmedbd8mkt9jwTtyH6ts2Jg8sIcLmSnQqgDtQkrfwBA= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.652] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.652] CloseHandle (hObject=0x404) returned 1 [0295.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.652] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.653] SetLastError (dwErrCode=0x0) [0295.653] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", lpFilePart=0x19fa34*="RAJ DY.swf") returned 0x2a [0295.653] GetLastError () returned 0x0 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=8) returned 1 [0295.653] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf", cchCount2=4) returned 1 [0295.653] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.653] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\raj dy.swf")) returned 0 [0295.653] GetLastError () returned 0x2 [0295.653] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RAJ DY.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\raj dy.swf")) returned 0xffffffff [0295.653] SetLastError (dwErrCode=0x2) [0295.653] GetLastError () returned 0x2 [0295.653] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.654] LocalFree (hMem=0x92fe20) returned 0x0 [0295.654] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.654] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.654] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ro93s.png")) returned 0x20 [0295.654] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39056037478) returned 1 [0295.654] GetCurrentThreadId () returned 0x1130 [0295.654] GetCurrentThreadId () returned 0x1130 [0295.654] GetCurrentThreadId () returned 0x1130 [0295.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0295.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>", cchWideChar=41, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0295.654] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>", cchWideChar=41, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>", lpUsedDefaultChar=0x0) returned 41 [0295.655] GetCurrentThreadId () returned 0x1130 [0295.655] GetCurrentThreadId () returned 0x1130 [0295.655] GetCurrentThreadId () returned 0x1130 [0295.655] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ro93s.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.655] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] malloc (_Size=0x64) returned 0x1d1338 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.656] GetCurrentThreadId () returned 0x1130 [0295.657] GetCurrentThreadId () returned 0x1130 [0295.657] GetCurrentThreadId () returned 0x1130 [0295.657] free (_Block=0x1d1338) [0295.657] malloc (_Size=0x60) returned 0x1d1338 [0295.657] free (_Block=0x1d1338) [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18c2c [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18c2c [0295.657] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.657] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x18c2c, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x18c2c, lpOverlapped=0x0) returned 1 [0295.659] malloc (_Size=0x8c) returned 0x1d1338 [0295.659] malloc (_Size=0xfc) returned 0x31d73c0 [0295.659] malloc (_Size=0x40) returned 0x1d14e8 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.659] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.660] malloc (_Size=0x40) returned 0x1d7470 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] GetCurrentThreadId () returned 0x1130 [0295.660] malloc (_Size=0xc) returned 0x31e1eb0 [0295.660] malloc (_Size=0x720) returned 0x31d2860 [0295.660] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.660] free (_Block=0x31d2860) [0295.660] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.660] free (_Block=0x1d9aa8) [0295.661] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.661] free (_Block=0x1da8f0) [0295.661] malloc (_Size=0x3274) returned 0x3a60048 [0295.661] free (_Block=0x1dbea8) [0295.661] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.662] free (_Block=0x3a60048) [0295.662] malloc (_Size=0x64e4) returned 0x3a60048 [0295.662] free (_Block=0x1d9aa8) [0295.662] malloc (_Size=0x8920) returned 0x3a66538 [0295.663] free (_Block=0x3a60048) [0295.663] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.663] free (_Block=0x3a66538) [0295.663] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.664] free (_Block=0x3a6ee60) [0295.664] malloc (_Size=0x1533c) returned 0x3a60048 [0295.664] free (_Block=0x3a7a9f8) [0295.664] malloc (_Size=0x1c704) returned 0x3a75390 [0295.664] free (_Block=0x3a60048) [0295.665] malloc (_Size=0x265c8) returned 0x3a91aa0 [0295.666] free (_Block=0x3a75390) [0295.666] GetCurrentThreadId () returned 0x1130 [0295.666] GetCurrentThreadId () returned 0x1130 [0295.666] GetCurrentThreadId () returned 0x1130 [0295.666] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] free (_Block=0x31e40b0) [0295.667] free (_Block=0x1d14e8) [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.667] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] GetCurrentThreadId () returned 0x1130 [0295.668] free (_Block=0x3a91aa0) [0295.668] free (_Block=0x31e1eb0) [0295.668] free (_Block=0x1d7470) [0295.668] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e8208*, nNumberOfBytesToWrite=0x2189a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e8208*, lpNumberOfBytesWritten=0x19fbbc*=0x2189a, lpOverlapped=0x0) returned 1 [0295.672] free (_Block=0x31d73c0) [0295.672] free (_Block=0x1d1338) [0295.672] CloseHandle (hObject=0x2b4) returned 1 [0295.672] CloseHandle (hObject=0x404) returned 1 [0295.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.672] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.673] SetLastError (dwErrCode=0x0) [0295.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", lpFilePart=0x19f9f8*="ro93S.png") returned 0x29 [0295.673] GetLastError () returned 0x0 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.673] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.673] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.673] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ro93s.png")) returned 1 [0295.679] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x27f)) [0295.679] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.679] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.680] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.680] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.680] CloseHandle (hObject=0x404) returned 1 [0295.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ro93S.png]omgp:[pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0295.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ro93S.png]omgp:[pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0295.680] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ro93S.png]omgp:[pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>]", cchWideChar=64, lpMultiByteStr=0x2541d28, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[ro93S.png]omgp:[pKihzGHF3^sjd??bK|^m^dx-<)bYLkH_(sP8Jy4(>]g", lpUsedDefaultChar=0x0) returned 64 [0295.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.689] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs=") returned 172 [0295.689] GetCurrentThreadId () returned 0x1130 [0295.689] GetCurrentThreadId () returned 0x1130 [0295.690] GetCurrentThreadId () returned 0x1130 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.690] SetLastError (dwErrCode=0x0) [0295.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320") returned 0x6c [0295.690] GetLastError () returned 0x0 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.690] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.690] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.690] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].wannacash ncov v310320")) returned 0x20 [0295.690] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1226].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x2189a [0295.691] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.691] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.691] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.691] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3") returned 197 [0295.691] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3") returned 197 [0295.692] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x2189a [0295.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.692] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:cEY+55/qCWbzBQoRCUgpgoa3qhwYPbwVDhxJcEKtKn2f+RO023z93bGKBteHGAc80dFU+Sd/TG04/nYk29RcGTUNJ+LAwaBeuaL19cdBP+Ff2b3ggF0zjEpkMlDkGsPO2oAC13ZzChsSyba3jMpeo0z/IJUQe8WIfuaSIvbtRBs= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.692] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.692] CloseHandle (hObject=0x404) returned 1 [0295.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.692] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.693] SetLastError (dwErrCode=0x0) [0295.693] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", lpFilePart=0x19fa34*="ro93S.png") returned 0x29 [0295.693] GetLastError () returned 0x0 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=8) returned 1 [0295.693] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png", cchCount2=4) returned 1 [0295.693] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.693] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ro93s.png")) returned 0 [0295.693] GetLastError () returned 0x2 [0295.693] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ro93S.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ro93s.png")) returned 0xffffffff [0295.693] SetLastError (dwErrCode=0x2) [0295.693] GetLastError () returned 0x2 [0295.693] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.693] LocalFree (hMem=0x92fe20) returned 0x0 [0295.693] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.694] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.694] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\rpu_zhno79dmogpf.swf")) returned 0x20 [0295.694] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39060029305) returned 1 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0295.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0295.694] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH", cchWideChar=45, lpMultiByteStr=0x2533798, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="^â\x84\x96@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH", lpUsedDefaultChar=0x0) returned 47 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.694] GetCurrentThreadId () returned 0x1130 [0295.695] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\rpu_zhno79dmogpf.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.695] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] malloc (_Size=0x64) returned 0x1d1338 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.696] GetCurrentThreadId () returned 0x1130 [0295.697] free (_Block=0x1d1338) [0295.697] malloc (_Size=0x60) returned 0x1d1338 [0295.697] free (_Block=0x1d1338) [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdec1 [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xdec1 [0295.697] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.697] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xdec1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xdec1, lpOverlapped=0x0) returned 1 [0295.698] malloc (_Size=0x8c) returned 0x1d1338 [0295.699] malloc (_Size=0xfc) returned 0x31d79f0 [0295.699] malloc (_Size=0x40) returned 0x1d14e8 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.699] malloc (_Size=0x40) returned 0x1d7470 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.699] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] GetCurrentThreadId () returned 0x1130 [0295.700] malloc (_Size=0xc) returned 0x31e1dc0 [0295.700] malloc (_Size=0x720) returned 0x31d2860 [0295.700] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.701] free (_Block=0x31d2860) [0295.701] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.701] free (_Block=0x1d9aa8) [0295.701] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.701] free (_Block=0x1da8f0) [0295.701] malloc (_Size=0x3274) returned 0x3a60048 [0295.701] free (_Block=0x1dbea8) [0295.701] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.701] free (_Block=0x3a60048) [0295.701] malloc (_Size=0x64e4) returned 0x3a60048 [0295.701] free (_Block=0x1d9aa8) [0295.701] malloc (_Size=0x8920) returned 0x3a66538 [0295.701] free (_Block=0x3a60048) [0295.701] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.702] free (_Block=0x3a66538) [0295.702] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.702] free (_Block=0x3a6ee60) [0295.703] malloc (_Size=0x1533c) returned 0x3a60048 [0295.704] free (_Block=0x3a7a9f8) [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.704] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] free (_Block=0x31e40b0) [0295.705] free (_Block=0x1d14e8) [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.705] GetCurrentThreadId () returned 0x1130 [0295.706] free (_Block=0x3a60048) [0295.706] free (_Block=0x31e1dc0) [0295.706] free (_Block=0x1d7470) [0295.706] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d2608*, nNumberOfBytesToWrite=0x12dd1, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d2608*, lpNumberOfBytesWritten=0x19fbbc*=0x12dd1, lpOverlapped=0x0) returned 1 [0295.708] free (_Block=0x31d79f0) [0295.708] free (_Block=0x1d1338) [0295.708] CloseHandle (hObject=0x2b4) returned 1 [0295.708] CloseHandle (hObject=0x404) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.709] SetLastError (dwErrCode=0x0) [0295.709] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", lpFilePart=0x19f9f8*="RpU_zhnO79DmOGPf.swf") returned 0x34 [0295.709] GetLastError () returned 0x0 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.709] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.709] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.709] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\rpu_zhno79dmogpf.swf")) returned 1 [0295.711] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x29e)) [0295.711] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.711] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.712] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.712] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.712] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.712] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.712] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.712] CloseHandle (hObject=0x404) returned 1 [0295.712] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RpU_zhnO79DmOGPf.swf]omgp:[^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0295.712] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RpU_zhnO79DmOGPf.swf]omgp:[^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH]", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0295.712] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[RpU_zhnO79DmOGPf.swf]omgp:[^№@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH]", cchWideChar=79, lpMultiByteStr=0x251e0e8, cbMultiByte=79, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[RpU_zhnO79DmOGPf.swf]omgp:[^?@|kL(`)#OwN5M}Y|S>?M39f_bSG1vU\\).J/jL:_KRoH]", lpUsedDefaultChar=0x0) returned 79 [0295.722] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.722] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo=") returned 172 [0295.722] GetCurrentThreadId () returned 0x1130 [0295.722] GetCurrentThreadId () returned 0x1130 [0295.722] GetCurrentThreadId () returned 0x1130 [0295.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.722] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.723] SetLastError (dwErrCode=0x0) [0295.723] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320") returned 0x6c [0295.723] GetLastError () returned 0x0 [0295.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.723] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.723] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.723] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].wannacash ncov v310320")) returned 0x20 [0295.723] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1227].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.723] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.724] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x12dd1 [0295.724] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.724] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3") returned 197 [0295.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.724] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3") returned 197 [0295.724] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x12dd1 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.724] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:+y6PN7SBw41qT9e0Kek24zaGv5OkeyX2/50QEs9xFtkjF1IN+KKKWkLp9J1SOysEgWCu4922i8HyW/EHLZhOLNmviMfuDbsICcGyvUB1mqvULQe8d5ewd9Je2oEcWBJRTcmJSrhb7cxj2WJeVGcboZu4dT2bjP1aziyT7OSQSzo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.724] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.725] CloseHandle (hObject=0x404) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.725] SetLastError (dwErrCode=0x0) [0295.725] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", lpFilePart=0x19fa34*="RpU_zhnO79DmOGPf.swf") returned 0x34 [0295.725] GetLastError () returned 0x0 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=8) returned 1 [0295.725] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf", cchCount2=4) returned 1 [0295.725] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.726] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\rpu_zhno79dmogpf.swf")) returned 0 [0295.726] GetLastError () returned 0x2 [0295.726] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\RpU_zhnO79DmOGPf.swf" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\rpu_zhno79dmogpf.swf")) returned 0xffffffff [0295.726] SetLastError (dwErrCode=0x2) [0295.726] GetLastError () returned 0x2 [0295.726] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.726] LocalFree (hMem=0x92fe20) returned 0x0 [0295.726] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.726] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.726] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\tewhsfcdlyqeiu_.jpg")) returned 0x20 [0295.727] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39063268738) returned 1 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.727] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e", lpUsedDefaultChar=0x0) returned 32 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] GetCurrentThreadId () returned 0x1130 [0295.727] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\tewhsfcdlyqeiu_.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.727] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] GetCurrentThreadId () returned 0x1130 [0295.728] malloc (_Size=0x64) returned 0x1d1338 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] GetCurrentThreadId () returned 0x1130 [0295.729] free (_Block=0x1d1338) [0295.729] malloc (_Size=0x60) returned 0x1d1338 [0295.729] free (_Block=0x1d1338) [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xf846 [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xf846 [0295.729] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.729] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xf846, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xf846, lpOverlapped=0x0) returned 1 [0295.732] malloc (_Size=0x8c) returned 0x1d1338 [0295.732] malloc (_Size=0xfc) returned 0x31d75d0 [0295.732] malloc (_Size=0x40) returned 0x1d14e8 [0295.732] GetCurrentThreadId () returned 0x1130 [0295.732] GetCurrentThreadId () returned 0x1130 [0295.732] GetCurrentThreadId () returned 0x1130 [0295.732] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.733] malloc (_Size=0x40) returned 0x1d7470 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] GetCurrentThreadId () returned 0x1130 [0295.733] malloc (_Size=0xc) returned 0x31e1ee0 [0295.733] malloc (_Size=0x720) returned 0x31d2860 [0295.734] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.734] free (_Block=0x31d2860) [0295.734] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.734] free (_Block=0x1d9aa8) [0295.734] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.734] free (_Block=0x1da8f0) [0295.734] malloc (_Size=0x3274) returned 0x3a60048 [0295.734] free (_Block=0x1dbea8) [0295.735] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.735] free (_Block=0x3a60048) [0295.735] malloc (_Size=0x64e4) returned 0x3a60048 [0295.735] free (_Block=0x1d9aa8) [0295.735] malloc (_Size=0x8920) returned 0x3a66538 [0295.736] free (_Block=0x3a60048) [0295.736] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.736] free (_Block=0x3a66538) [0295.737] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.737] free (_Block=0x3a6ee60) [0295.737] malloc (_Size=0x1533c) returned 0x3a60048 [0295.737] free (_Block=0x3a7a9f8) [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] free (_Block=0x31e40b0) [0295.738] free (_Block=0x1d14e8) [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.738] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] GetCurrentThreadId () returned 0x1130 [0295.739] free (_Block=0x3a60048) [0295.739] free (_Block=0x31e1ee0) [0295.739] free (_Block=0x1d7470) [0295.739] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d5a08*, nNumberOfBytesToWrite=0x15059, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d5a08*, lpNumberOfBytesWritten=0x19fbbc*=0x15059, lpOverlapped=0x0) returned 1 [0295.742] free (_Block=0x31d75d0) [0295.742] free (_Block=0x1d1338) [0295.742] CloseHandle (hObject=0x2b4) returned 1 [0295.742] CloseHandle (hObject=0x404) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.742] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.742] SetLastError (dwErrCode=0x0) [0295.743] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", lpFilePart=0x19f9f8*="tEwHsFCDLyQEiu_.jpg") returned 0x33 [0295.743] GetLastError () returned 0x0 [0295.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.743] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.743] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.743] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\tewhsfcdlyqeiu_.jpg")) returned 1 [0295.747] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x2cd)) [0295.747] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.747] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.747] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.747] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.748] CloseHandle (hObject=0x404) returned 1 [0295.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[tEwHsFCDLyQEiu_.jpg]omgp:[87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0295.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[tEwHsFCDLyQEiu_.jpg]omgp:[87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0295.748] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[tEwHsFCDLyQEiu_.jpg]omgp:[87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e]", cchWideChar=65, lpMultiByteStr=0x2541d28, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[tEwHsFCDLyQEiu_.jpg]omgp:[87(~v7{LER;85gdB&p\"o{d!W=<*JTE`e]", lpUsedDefaultChar=0x0) returned 65 [0295.756] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.756] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o=") returned 172 [0295.756] GetCurrentThreadId () returned 0x1130 [0295.756] GetCurrentThreadId () returned 0x1130 [0295.756] GetCurrentThreadId () returned 0x1130 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.756] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.756] SetLastError (dwErrCode=0x0) [0295.756] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320") returned 0x6c [0295.757] GetLastError () returned 0x0 [0295.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.757] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.757] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.757] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].wannacash ncov v310320")) returned 0x20 [0295.757] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1228].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.757] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x15059 [0295.758] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.758] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.758] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.758] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3") returned 197 [0295.758] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.758] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3") returned 197 [0295.758] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x15059 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.758] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:jYyy6JAKwWo+kNeeSe6ZxLwlER+VKMZf0ML7SPRH7ETafr/HojC+xSKzevfWfrqJqNfx3rjzxcx5ixQHQUSU39nUnrdcATlU44EZxWNJKbf5BFQ3NRyYGUwri/yU6/ZLzIGBZfHXFLGOKHz0MHk7TLIyCfYwdGn49DHPLXr6W2o= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.758] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.759] CloseHandle (hObject=0x404) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.759] SetLastError (dwErrCode=0x0) [0295.759] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", lpFilePart=0x19fa34*="tEwHsFCDLyQEiu_.jpg") returned 0x33 [0295.759] GetLastError () returned 0x0 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=8) returned 1 [0295.759] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg", cchCount2=4) returned 1 [0295.759] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.759] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\tewhsfcdlyqeiu_.jpg")) returned 0 [0295.760] GetLastError () returned 0x2 [0295.760] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\tEwHsFCDLyQEiu_.jpg" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\tewhsfcdlyqeiu_.jpg")) returned 0xffffffff [0295.760] SetLastError (dwErrCode=0x2) [0295.760] GetLastError () returned 0x2 [0295.760] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.760] LocalFree (hMem=0x92fe20) returned 0x0 [0295.760] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.760] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.760] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uk03nphsg.xls")) returned 0x20 [0295.760] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39066659741) returned 1 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3", cchWideChar=32, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0295.761] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=".MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3", cchWideChar=32, lpMultiByteStr=0x250f7b8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3", lpUsedDefaultChar=0x0) returned 32 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] GetCurrentThreadId () returned 0x1130 [0295.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uk03nphsg.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.762] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] malloc (_Size=0x64) returned 0x1d1338 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.764] GetCurrentThreadId () returned 0x1130 [0295.765] GetCurrentThreadId () returned 0x1130 [0295.765] GetCurrentThreadId () returned 0x1130 [0295.765] GetCurrentThreadId () returned 0x1130 [0295.765] free (_Block=0x1d1338) [0295.765] malloc (_Size=0x60) returned 0x1d1338 [0295.765] free (_Block=0x1d1338) [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x142c2 [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x142c2 [0295.765] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.765] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x142c2, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x142c2, lpOverlapped=0x0) returned 1 [0295.767] malloc (_Size=0x8c) returned 0x1d1338 [0295.767] malloc (_Size=0xfc) returned 0x31d77e0 [0295.767] malloc (_Size=0x40) returned 0x1d14e8 [0295.767] GetCurrentThreadId () returned 0x1130 [0295.767] GetCurrentThreadId () returned 0x1130 [0295.767] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.768] malloc (_Size=0x40) returned 0x1d7470 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] GetCurrentThreadId () returned 0x1130 [0295.768] malloc (_Size=0xc) returned 0x31e1e80 [0295.768] malloc (_Size=0x720) returned 0x31d2860 [0295.769] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.769] free (_Block=0x31d2860) [0295.769] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.769] free (_Block=0x1d9aa8) [0295.769] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.769] free (_Block=0x1da8f0) [0295.769] malloc (_Size=0x3274) returned 0x3a60048 [0295.769] free (_Block=0x1dbea8) [0295.770] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.770] free (_Block=0x3a60048) [0295.770] malloc (_Size=0x64e4) returned 0x3a60048 [0295.770] free (_Block=0x1d9aa8) [0295.771] malloc (_Size=0x8920) returned 0x3a66538 [0295.771] free (_Block=0x3a60048) [0295.771] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.772] free (_Block=0x3a66538) [0295.772] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.773] free (_Block=0x3a6ee60) [0295.774] malloc (_Size=0x1533c) returned 0x3a60048 [0295.774] free (_Block=0x3a7a9f8) [0295.774] malloc (_Size=0x1c704) returned 0x3a75390 [0295.775] free (_Block=0x3a60048) [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.775] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] free (_Block=0x31e40b0) [0295.776] free (_Block=0x1d14e8) [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] GetCurrentThreadId () returned 0x1130 [0295.776] free (_Block=0x3a75390) [0295.776] free (_Block=0x31e1e80) [0295.776] free (_Block=0x1d7470) [0295.776] WriteFile (in: hFile=0x2b4, lpBuffer=0x39dee08*, nNumberOfBytesToWrite=0x1b53a, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39dee08*, lpNumberOfBytesWritten=0x19fbbc*=0x1b53a, lpOverlapped=0x0) returned 1 [0295.779] free (_Block=0x31d77e0) [0295.779] free (_Block=0x1d1338) [0295.780] CloseHandle (hObject=0x2b4) returned 1 [0295.780] CloseHandle (hObject=0x404) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.780] SetLastError (dwErrCode=0x0) [0295.780] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", lpFilePart=0x19f9f8*="uk03nPHSG.xls") returned 0x2d [0295.780] GetLastError () returned 0x0 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.780] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.780] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.781] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uk03nphsg.xls")) returned 1 [0295.784] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x2ec)) [0295.784] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.784] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.784] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.785] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.785] CloseHandle (hObject=0x404) returned 1 [0295.785] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uk03nPHSG.xls]omgp:[.MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0295.785] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uk03nPHSG.xls]omgp:[.MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3]", cchWideChar=59, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0295.785] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uk03nPHSG.xls]omgp:[.MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3]", cchWideChar=59, lpMultiByteStr=0x2516890, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[uk03nPHSG.xls]omgp:[.MY6Fw!(g_:#J>wK)h42d)>fFY`l+OS3]", lpUsedDefaultChar=0x0) returned 59 [0295.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.793] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x2434608, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY=") returned 172 [0295.793] GetCurrentThreadId () returned 0x1130 [0295.793] GetCurrentThreadId () returned 0x1130 [0295.793] GetCurrentThreadId () returned 0x1130 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.793] SetLastError (dwErrCode=0x0) [0295.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320") returned 0x6c [0295.793] GetLastError () returned 0x0 [0295.793] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.794] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.794] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.794] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.794] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.794] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].wannacash ncov v310320")) returned 0x20 [0295.794] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1229].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.794] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.795] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.795] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1b53a [0295.795] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.795] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.795] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.795] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3") returned 197 [0295.795] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.795] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3") returned 197 [0295.795] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1b53a [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.795] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:A56HWqsPJ9sfAcFRN9D97KixcTz3cXnBVQKNmM5S26iAl9S+z7USuEOr7YdDZJ/ydbHJN3p1gBvpD5bMgaesvInukF9DsoMOOh8jLNW3TAhOHSEy+nSe+8X/Tn6u6H1wAFr52ConlotXuPmEpALLdPFXvAT2caCfqoQ/D+X++zY= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.796] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.796] CloseHandle (hObject=0x404) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.796] SetLastError (dwErrCode=0x0) [0295.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", lpFilePart=0x19fa34*="uk03nPHSG.xls") returned 0x2d [0295.796] GetLastError () returned 0x0 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=8) returned 1 [0295.796] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls", cchCount2=4) returned 1 [0295.796] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.797] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uk03nphsg.xls")) returned 0 [0295.797] GetLastError () returned 0x2 [0295.797] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uk03nPHSG.xls" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uk03nphsg.xls")) returned 0xffffffff [0295.797] SetLastError (dwErrCode=0x2) [0295.797] GetLastError () returned 0x2 [0295.797] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.797] LocalFree (hMem=0x92fe20) returned 0x0 [0295.797] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.797] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.797] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uqqie41fd7e0knafk.bmp")) returned 0x20 [0295.798] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39070371079) returned 1 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0295.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2", cchWideChar=48, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0295.798] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2", cchWideChar=48, lpMultiByteStr=0x2533798, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2", lpUsedDefaultChar=0x0) returned 48 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] GetCurrentThreadId () returned 0x1130 [0295.798] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uqqie41fd7e0knafk.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.798] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.801] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] malloc (_Size=0x64) returned 0x1d1338 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] GetCurrentThreadId () returned 0x1130 [0295.802] free (_Block=0x1d1338) [0295.802] malloc (_Size=0x60) returned 0x1d1338 [0295.802] free (_Block=0x1d1338) [0295.802] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.803] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11aba [0295.803] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.803] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.803] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x11aba [0295.803] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.803] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x11aba, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x11aba, lpOverlapped=0x0) returned 1 [0295.804] malloc (_Size=0x8c) returned 0x1d1338 [0295.804] malloc (_Size=0xfc) returned 0x31d73c0 [0295.805] malloc (_Size=0x40) returned 0x1d14e8 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.805] malloc (_Size=0x40) returned 0x1d7470 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.805] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] GetCurrentThreadId () returned 0x1130 [0295.806] malloc (_Size=0xc) returned 0x31e1e20 [0295.806] malloc (_Size=0x720) returned 0x31d2860 [0295.806] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.806] free (_Block=0x31d2860) [0295.806] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.807] free (_Block=0x1d9aa8) [0295.807] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.807] free (_Block=0x1da8f0) [0295.807] malloc (_Size=0x3274) returned 0x3a60048 [0295.807] free (_Block=0x1dbea8) [0295.807] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.808] free (_Block=0x3a60048) [0295.808] malloc (_Size=0x64e4) returned 0x3a60048 [0295.808] free (_Block=0x1d9aa8) [0295.808] malloc (_Size=0x8920) returned 0x3a66538 [0295.808] free (_Block=0x3a60048) [0295.808] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.809] free (_Block=0x3a66538) [0295.809] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.809] free (_Block=0x3a6ee60) [0295.809] malloc (_Size=0x1533c) returned 0x3a60048 [0295.809] free (_Block=0x3a7a9f8) [0295.809] malloc (_Size=0x1c704) returned 0x3a75390 [0295.809] free (_Block=0x3a60048) [0295.809] GetCurrentThreadId () returned 0x1130 [0295.809] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] free (_Block=0x31e40b0) [0295.810] free (_Block=0x1d14e8) [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.810] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] GetCurrentThreadId () returned 0x1130 [0295.811] free (_Block=0x3a75390) [0295.811] free (_Block=0x31e1e20) [0295.811] free (_Block=0x1d7470) [0295.812] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d9e08*, nNumberOfBytesToWrite=0x17efd, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d9e08*, lpNumberOfBytesWritten=0x19fbbc*=0x17efd, lpOverlapped=0x0) returned 1 [0295.813] free (_Block=0x31d73c0) [0295.814] free (_Block=0x1d1338) [0295.814] CloseHandle (hObject=0x2b4) returned 1 [0295.814] CloseHandle (hObject=0x404) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.814] SetLastError (dwErrCode=0x0) [0295.814] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", lpFilePart=0x19f9f8*="uqQie41fd7E0KNafk.bmp") returned 0x35 [0295.814] GetLastError () returned 0x0 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.814] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.814] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.815] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uqqie41fd7e0knafk.bmp")) returned 1 [0295.818] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x30c)) [0295.818] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.818] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.818] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.818] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.818] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.818] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.818] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.819] CloseHandle (hObject=0x404) returned 1 [0295.819] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uqQie41fd7E0KNafk.bmp]omgp:[Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0295.819] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uqQie41fd7E0KNafk.bmp]omgp:[Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2]", cchWideChar=83, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 83 [0295.819] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[uqQie41fd7E0KNafk.bmp]omgp:[Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2]", cchWideChar=83, lpMultiByteStr=0x251e1a8, cbMultiByte=83, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[uqQie41fd7E0KNafk.bmp]omgp:[Z..nhP^I5,LUr)Ib?kCoW/\"U)rPiQ@V\\pQT/$\"}8VXC:3v>2]", lpUsedDefaultChar=0x0) returned 83 [0295.859] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.859] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8=") returned 172 [0295.859] GetCurrentThreadId () returned 0x1130 [0295.859] GetCurrentThreadId () returned 0x1130 [0295.859] GetCurrentThreadId () returned 0x1130 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.859] SetLastError (dwErrCode=0x0) [0295.859] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320") returned 0x6c [0295.859] GetLastError () returned 0x0 [0295.859] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.860] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.860] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.860] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].wannacash ncov v310320")) returned 0x20 [0295.860] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1230].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.860] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x17efd [0295.861] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.861] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.861] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.861] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3") returned 197 [0295.861] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.861] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3") returned 197 [0295.861] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x17efd [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.861] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:RxDjmx9WG/e1r6ntJl57+YDjM+/UjgTjSGVdljeeVlglk21FwJT1DWxD7LoyIaTvd161QHbyptfvYeA3tI2h+OB3up+8OCoKS9qwG/kr0sPtnL7sGbvqOnF1DY24rko5/rdQxOrf+kj5EH/aAWvk5LTe4hUZ2Dzi9CFzOj3bVX8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.861] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.862] CloseHandle (hObject=0x404) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.862] SetLastError (dwErrCode=0x0) [0295.862] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", lpFilePart=0x19fa34*="uqQie41fd7E0KNafk.bmp") returned 0x35 [0295.862] GetLastError () returned 0x0 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=8) returned 1 [0295.862] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp", cchCount2=4) returned 1 [0295.862] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.863] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uqqie41fd7e0knafk.bmp")) returned 0 [0295.863] GetLastError () returned 0x2 [0295.863] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\uqQie41fd7E0KNafk.bmp" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\uqqie41fd7e0knafk.bmp")) returned 0xffffffff [0295.863] SetLastError (dwErrCode=0x2) [0295.863] GetLastError () returned 0x2 [0295.863] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.863] LocalFree (hMem=0x92fe20) returned 0x0 [0295.863] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.863] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.864] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ytlj.png")) returned 0x20 [0295.864] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39076987236) returned 1 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0295.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0295.864] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe", cchWideChar=43, lpMultiByteStr=0x25337d8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aWqkE7/+Fby;w!zG}ds,â\x84\x96Fx;EdSB+4K&e6\\9+++s2Fe", lpUsedDefaultChar=0x0) returned 45 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] GetCurrentThreadId () returned 0x1130 [0295.864] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ytlj.png"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.864] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.865] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] malloc (_Size=0x64) returned 0x1d1338 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.866] GetCurrentThreadId () returned 0x1130 [0295.867] GetCurrentThreadId () returned 0x1130 [0295.867] GetCurrentThreadId () returned 0x1130 [0295.867] free (_Block=0x1d1338) [0295.867] malloc (_Size=0x60) returned 0x1d1338 [0295.867] free (_Block=0x1d1338) [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18a70 [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18a70 [0295.867] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.868] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x18a70, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x18a70, lpOverlapped=0x0) returned 1 [0295.869] malloc (_Size=0x8c) returned 0x1d1338 [0295.869] malloc (_Size=0xfc) returned 0x31d71b0 [0295.870] malloc (_Size=0x40) returned 0x1d14e8 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.870] malloc (_Size=0x40) returned 0x1d7470 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.870] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] GetCurrentThreadId () returned 0x1130 [0295.871] malloc (_Size=0xc) returned 0x31e1ca0 [0295.871] malloc (_Size=0x720) returned 0x31d2860 [0295.871] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.880] free (_Block=0x31d2860) [0295.880] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.880] free (_Block=0x1d9aa8) [0295.880] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.880] free (_Block=0x1da8f0) [0295.880] malloc (_Size=0x3274) returned 0x3a60048 [0295.880] free (_Block=0x1dbea8) [0295.880] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.880] free (_Block=0x3a60048) [0295.881] malloc (_Size=0x64e4) returned 0x3a60048 [0295.881] free (_Block=0x1d9aa8) [0295.881] malloc (_Size=0x8920) returned 0x3a66538 [0295.881] free (_Block=0x3a60048) [0295.881] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.882] free (_Block=0x3a66538) [0295.882] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.882] free (_Block=0x3a6ee60) [0295.883] malloc (_Size=0x1533c) returned 0x3a60048 [0295.883] free (_Block=0x3a7a9f8) [0295.883] malloc (_Size=0x1c704) returned 0x3a75390 [0295.883] free (_Block=0x3a60048) [0295.883] malloc (_Size=0x265c8) returned 0x3a91aa0 [0295.885] free (_Block=0x3a75390) [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.885] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] free (_Block=0x31e40b0) [0295.886] free (_Block=0x1d14e8) [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.886] GetCurrentThreadId () returned 0x1130 [0295.887] GetCurrentThreadId () returned 0x1130 [0295.887] GetCurrentThreadId () returned 0x1130 [0295.887] free (_Block=0x3a91aa0) [0295.887] free (_Block=0x31e1ca0) [0295.888] free (_Block=0x1d7470) [0295.888] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e7e08*, nNumberOfBytesToWrite=0x21651, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e7e08*, lpNumberOfBytesWritten=0x19fbbc*=0x21651, lpOverlapped=0x0) returned 1 [0295.892] free (_Block=0x31d71b0) [0295.892] free (_Block=0x1d1338) [0295.892] CloseHandle (hObject=0x2b4) returned 1 [0295.892] CloseHandle (hObject=0x404) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.892] SetLastError (dwErrCode=0x0) [0295.892] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", lpFilePart=0x19f9f8*="ytlj.png") returned 0x28 [0295.892] GetLastError () returned 0x0 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.892] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.893] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.893] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.893] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ytlj.png")) returned 1 [0295.896] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x35c)) [0295.896] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0295.897] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.897] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0295.897] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.897] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0295.897] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0295.897] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0295.897] CloseHandle (hObject=0x404) returned 1 [0295.897] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ytlj.png]omgp:[aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0295.897] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ytlj.png]omgp:[aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0295.897] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[ytlj.png]omgp:[aWqkE7/+Fby;w!zG}ds,№Fx;EdSB+4K&e6\\9+++s2Fe]", cchWideChar=65, lpMultiByteStr=0x2541d28, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[ytlj.png]omgp:[aWqkE7/+Fby;w!zG}ds,?Fx;EdSB+4K&e6\\9+++s2Fe]", lpUsedDefaultChar=0x0) returned 65 [0295.956] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0295.956] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U=") returned 172 [0295.956] GetCurrentThreadId () returned 0x1130 [0295.956] GetCurrentThreadId () returned 0x1130 [0295.956] GetCurrentThreadId () returned 0x1130 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.956] SetLastError (dwErrCode=0x0) [0295.956] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320") returned 0x6c [0295.956] GetLastError () returned 0x0 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.956] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0295.957] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0295.957] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.957] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].wannacash ncov v310320")) returned 0x20 [0295.957] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1231].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.957] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0295.957] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.957] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x21651 [0295.957] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0295.958] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.958] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.958] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3") returned 197 [0295.958] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0295.958] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3") returned 197 [0295.958] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x21651 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0295.958] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:J0W4xQoljQKlP0k89VRJ2cIAlPpZL65qaMCgNJ7eZkrsuNs2Mrg1ZB6xtDw4Mix2ZofRoCJIyU/y3Gs3Utly6Cc5gbjLNIUYbuOaka5fvf79qLXs7kzqJsEwD+fnVTADXdzrrC9o3zab/TV/YCPMGqo/HsedWlxndyKgeCc/p0U= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0295.958] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0295.959] CloseHandle (hObject=0x404) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.959] SetLastError (dwErrCode=0x0) [0295.959] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", lpFilePart=0x19fa34*="ytlj.png") returned 0x28 [0295.959] GetLastError () returned 0x0 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=8) returned 1 [0295.959] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png", cchCount2=4) returned 1 [0295.959] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.959] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ytlj.png")) returned 0 [0295.960] GetLastError () returned 0x2 [0295.960] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\ytlj.png" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\ytlj.png")) returned 0xffffffff [0295.960] SetLastError (dwErrCode=0x2) [0295.960] GetLastError () returned 0x2 [0295.960] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0295.960] LocalFree (hMem=0x92fe20) returned 0x0 [0295.960] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0295.960] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0295.960] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zc qppukjc6iy.doc")) returned 0x20 [0295.961] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39086679578) returned 1 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0295.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW", cchWideChar=43, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0295.961] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW", cchWideChar=43, lpMultiByteStr=0x2524fd0, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW", lpUsedDefaultChar=0x0) returned 43 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] GetCurrentThreadId () returned 0x1130 [0295.961] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zc qppukjc6iy.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0295.961] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.962] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] malloc (_Size=0x64) returned 0x1d1338 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] GetCurrentThreadId () returned 0x1130 [0295.963] free (_Block=0x1d1338) [0295.963] malloc (_Size=0x60) returned 0x1d1338 [0295.963] free (_Block=0x1d1338) [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18530 [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x18530 [0295.964] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0295.964] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x18530, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x18530, lpOverlapped=0x0) returned 1 [0295.967] malloc (_Size=0x8c) returned 0x1d1338 [0295.967] malloc (_Size=0xfc) returned 0x31d73c0 [0295.968] malloc (_Size=0x40) returned 0x1d14e8 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] malloc (_Size=0xa5c) returned 0x31e40b0 [0295.968] malloc (_Size=0x40) returned 0x1d7470 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.968] GetCurrentThreadId () returned 0x1130 [0295.969] malloc (_Size=0xc) returned 0x31e1dc0 [0295.969] malloc (_Size=0x720) returned 0x31d2860 [0295.969] malloc (_Size=0xe3c) returned 0x1d9aa8 [0295.969] free (_Block=0x31d2860) [0295.969] malloc (_Size=0x15ac) returned 0x1da8f0 [0295.970] free (_Block=0x1d9aa8) [0295.970] malloc (_Size=0x23e4) returned 0x1dbea8 [0295.970] free (_Block=0x1da8f0) [0295.970] malloc (_Size=0x3274) returned 0x3a60048 [0295.970] free (_Block=0x1dbea8) [0295.971] malloc (_Size=0x4820) returned 0x1d9aa8 [0295.971] free (_Block=0x3a60048) [0295.971] malloc (_Size=0x64e4) returned 0x3a60048 [0295.971] free (_Block=0x1d9aa8) [0295.971] malloc (_Size=0x8920) returned 0x3a66538 [0295.971] free (_Block=0x3a60048) [0295.972] malloc (_Size=0xbb90) returned 0x3a6ee60 [0295.972] free (_Block=0x3a66538) [0295.973] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0295.974] free (_Block=0x3a6ee60) [0295.974] malloc (_Size=0x1533c) returned 0x3a60048 [0295.974] free (_Block=0x3a7a9f8) [0295.974] malloc (_Size=0x1c704) returned 0x3a75390 [0295.974] free (_Block=0x3a60048) [0295.975] malloc (_Size=0x265c8) returned 0x3a91aa0 [0295.976] free (_Block=0x3a75390) [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] free (_Block=0x31e40b0) [0295.977] free (_Block=0x1d14e8) [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.977] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] GetCurrentThreadId () returned 0x1130 [0295.978] free (_Block=0x3a91aa0) [0295.979] free (_Block=0x31e1dc0) [0295.979] free (_Block=0x1d7470) [0295.979] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e7408*, nNumberOfBytesToWrite=0x20f35, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e7408*, lpNumberOfBytesWritten=0x19fbbc*=0x20f35, lpOverlapped=0x0) returned 1 [0295.984] free (_Block=0x31d73c0) [0295.984] free (_Block=0x1d1338) [0295.984] CloseHandle (hObject=0x2b4) returned 1 [0295.984] CloseHandle (hObject=0x404) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0295.984] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0295.984] SetLastError (dwErrCode=0x0) [0295.984] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", lpFilePart=0x19f9f8*="zC QPpukJC6Iy.doc") returned 0x31 [0295.984] GetLastError () returned 0x0 [0295.985] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0295.985] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0295.985] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0295.985] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0295.985] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0295.985] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zc qppukjc6iy.doc")) returned 1 [0296.015] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xb, wMilliseconds=0x3ca)) [0296.015] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.015] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.015] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.016] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.016] CloseHandle (hObject=0x404) returned 1 [0296.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zC QPpukJC6Iy.doc]omgp:[`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0296.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zC QPpukJC6Iy.doc]omgp:[`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW]", cchWideChar=74, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 74 [0296.016] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zC QPpukJC6Iy.doc]omgp:[`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW]", cchWideChar=74, lpMultiByteStr=0x252c6b0, cbMultiByte=74, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[zC QPpukJC6Iy.doc]omgp:[`TNl2TW9feLt-1&>CnKLL8v{Bc`Dk{#@L-n|P^xE>RW]", lpUsedDefaultChar=0x0) returned 74 [0296.024] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.025] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU=") returned 172 [0296.025] GetCurrentThreadId () returned 0x1130 [0296.025] GetCurrentThreadId () returned 0x1130 [0296.025] GetCurrentThreadId () returned 0x1130 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.025] SetLastError (dwErrCode=0x0) [0296.025] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320") returned 0x6c [0296.025] GetLastError () returned 0x0 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.025] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.025] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0296.026] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].wannacash ncov v310320")) returned 0x20 [0296.026] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1232].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x20f35 [0296.026] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.026] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.026] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.027] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3") returned 197 [0296.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3") returned 197 [0296.027] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x20f35 [0296.027] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.027] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.027] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:0ZDPw+gynxMl8E1Imo6DXlAOKRDgzrEF338Fy1GjTsIR3KCXjn6qiBQcViRl2qpBXX+7bKMbWze7jBPOdj3WGzVQ7eZXk5/cWX9Mtj9w17ZRC92LPuSJR57uR57YEdCF28oxdJWYcPw7TjI93PtegrE6SsM4x2jPZ5peBd6LrTU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.027] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.027] CloseHandle (hObject=0x404) returned 1 [0296.027] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0296.027] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0296.028] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0296.028] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0296.029] SetLastError (dwErrCode=0x0) [0296.029] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", lpFilePart=0x19fa34*="zC QPpukJC6Iy.doc") returned 0x31 [0296.029] GetLastError () returned 0x0 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=8) returned 1 [0296.029] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc", cchCount2=4) returned 1 [0296.029] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0296.030] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zc qppukjc6iy.doc")) returned 0 [0296.030] GetLastError () returned 0x2 [0296.030] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zC QPpukJC6Iy.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zc qppukjc6iy.doc")) returned 0xffffffff [0296.030] SetLastError (dwErrCode=0x2) [0296.030] GetLastError () returned 0x2 [0296.030] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.030] LocalFree (hMem=0x92fe20) returned 0x0 [0296.030] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.030] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.031] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zojeyp.doc")) returned 0x20 [0296.031] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39093681136) returned 1 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0296.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0296.031] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g", lpUsedDefaultChar=0x0) returned 29 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] GetCurrentThreadId () returned 0x1130 [0296.031] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zojeyp.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.031] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] malloc (_Size=0x64) returned 0x1d1338 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.033] GetCurrentThreadId () returned 0x1130 [0296.034] GetCurrentThreadId () returned 0x1130 [0296.034] GetCurrentThreadId () returned 0x1130 [0296.034] GetCurrentThreadId () returned 0x1130 [0296.034] free (_Block=0x1d1338) [0296.034] malloc (_Size=0x60) returned 0x1d1338 [0296.034] free (_Block=0x1d1338) [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x177c0 [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x177c0 [0296.034] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.034] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x177c0, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x177c0, lpOverlapped=0x0) returned 1 [0296.036] malloc (_Size=0x8c) returned 0x1d1338 [0296.036] malloc (_Size=0xfc) returned 0x31d76d8 [0296.036] malloc (_Size=0x40) returned 0x1d14e8 [0296.036] GetCurrentThreadId () returned 0x1130 [0296.036] GetCurrentThreadId () returned 0x1130 [0296.036] GetCurrentThreadId () returned 0x1130 [0296.036] GetCurrentThreadId () returned 0x1130 [0296.036] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.037] malloc (_Size=0x40) returned 0x1d7470 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] GetCurrentThreadId () returned 0x1130 [0296.037] malloc (_Size=0xc) returned 0x31e1ec8 [0296.037] malloc (_Size=0x720) returned 0x31d2860 [0296.037] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.038] free (_Block=0x31d2860) [0296.038] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.038] free (_Block=0x1d9aa8) [0296.038] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.038] free (_Block=0x1da8f0) [0296.039] malloc (_Size=0x3274) returned 0x3a60048 [0296.039] free (_Block=0x1dbea8) [0296.039] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.039] free (_Block=0x3a60048) [0296.039] malloc (_Size=0x64e4) returned 0x3a60048 [0296.039] free (_Block=0x1d9aa8) [0296.040] malloc (_Size=0x8920) returned 0x3a66538 [0296.040] free (_Block=0x3a60048) [0296.040] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.041] free (_Block=0x3a66538) [0296.041] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.042] free (_Block=0x3a6ee60) [0296.042] malloc (_Size=0x1533c) returned 0x3a60048 [0296.042] free (_Block=0x3a7a9f8) [0296.042] malloc (_Size=0x1c704) returned 0x3a75390 [0296.042] free (_Block=0x3a60048) [0296.043] malloc (_Size=0x265c8) returned 0x3a91aa0 [0296.044] free (_Block=0x3a75390) [0296.044] GetCurrentThreadId () returned 0x1130 [0296.044] GetCurrentThreadId () returned 0x1130 [0296.044] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] free (_Block=0x31e40b0) [0296.045] free (_Block=0x1d14e8) [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.045] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] GetCurrentThreadId () returned 0x1130 [0296.046] free (_Block=0x3a91aa0) [0296.046] free (_Block=0x31e1ec8) [0296.046] free (_Block=0x1d7470) [0296.046] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e5808*, nNumberOfBytesToWrite=0x1fd01, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e5808*, lpNumberOfBytesWritten=0x19fbbc*=0x1fd01, lpOverlapped=0x0) returned 1 [0296.050] free (_Block=0x31d76d8) [0296.050] free (_Block=0x1d1338) [0296.050] CloseHandle (hObject=0x2b4) returned 1 [0296.050] CloseHandle (hObject=0x404) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.050] SetLastError (dwErrCode=0x0) [0296.050] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", lpFilePart=0x19f9f8*="zojeYP.doc") returned 0x2a [0296.050] GetLastError () returned 0x0 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.050] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.051] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0296.051] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zojeyp.doc")) returned 1 [0296.054] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0xe)) [0296.054] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.054] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.055] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.055] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.055] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.055] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.055] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.055] CloseHandle (hObject=0x404) returned 1 [0296.055] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zojeYP.doc]omgp:[&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g]", cchWideChar=53, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0296.055] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zojeYP.doc]omgp:[&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g]", cchWideChar=53, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0296.055] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[zojeYP.doc]omgp:[&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g]", cchWideChar=53, lpMultiByteStr=0x2516ad0, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[zojeYP.doc]omgp:[&jX1cJ2tfY@6V1VZ{Fx\"~1;v=:e2g]", lpUsedDefaultChar=0x0) returned 53 [0296.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.067] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0=") returned 172 [0296.067] GetCurrentThreadId () returned 0x1130 [0296.067] GetCurrentThreadId () returned 0x1130 [0296.067] GetCurrentThreadId () returned 0x1130 [0296.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.067] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.068] SetLastError (dwErrCode=0x0) [0296.068] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320") returned 0x6c [0296.068] GetLastError () returned 0x0 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.068] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.068] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0296.068] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].wannacash ncov v310320")) returned 0x20 [0296.068] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1233].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.069] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.069] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.069] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1fd01 [0296.069] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.069] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.069] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.069] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.069] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.069] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3") returned 197 [0296.070] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.070] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3") returned 197 [0296.070] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1fd01 [0296.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.070] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:S3QNqiSMGB3TUkvJ18mzH1RJgewM4phEcWfiglutL72RC63tNmjRTgSqwOMPVTZmlsMgMplHd1lTyMy21sqU0lg5h4SieU8E67vWSYo830ECOkNe6v6TsasxSUGDtUW6QQfTz6TPlnvmaosanLN93GkGk4l96df4okdoKkYr9T0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.070] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.070] CloseHandle (hObject=0x404) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.071] SetLastError (dwErrCode=0x0) [0296.071] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", lpFilePart=0x19fa34*="zojeYP.doc") returned 0x2a [0296.071] GetLastError () returned 0x0 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=8) returned 1 [0296.071] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc", cchCount2=4) returned 1 [0296.071] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming")) returned 0x10 [0296.071] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zojeyp.doc")) returned 0 [0296.071] GetLastError () returned 0x2 [0296.071] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Roaming\\zojeYP.doc" (normalized: "c:\\users\\fd1hvy\\appdata\\roaming\\zojeyp.doc")) returned 0xffffffff [0296.071] SetLastError (dwErrCode=0x2) [0296.072] GetLastError () returned 0x2 [0296.072] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.072] LocalFree (hMem=0x92fe20) returned 0x0 [0296.072] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.072] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.072] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\0pg-c0nz.jpg")) returned 0x20 [0296.072] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39097849570) returned 1 [0296.072] GetCurrentThreadId () returned 0x1130 [0296.072] GetCurrentThreadId () returned 0x1130 [0296.072] GetCurrentThreadId () returned 0x1130 [0296.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",di44+DAm|*Nr*Xw|fV4XZ\\63%g", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0296.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",di44+DAm|*Nr*Xw|fV4XZ\\63%g", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0296.073] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=",di44+DAm|*Nr*Xw|fV4XZ\\63%g", cchWideChar=27, lpMultiByteStr=0x2508420, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",di44+DAm|*Nr*Xw|fV4XZ\\63%g", lpUsedDefaultChar=0x0) returned 27 [0296.073] GetCurrentThreadId () returned 0x1130 [0296.073] GetCurrentThreadId () returned 0x1130 [0296.073] GetCurrentThreadId () returned 0x1130 [0296.073] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\0pg-c0nz.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.073] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.074] GetCurrentThreadId () returned 0x1130 [0296.075] GetCurrentThreadId () returned 0x1130 [0296.075] GetCurrentThreadId () returned 0x1130 [0296.075] GetCurrentThreadId () returned 0x1130 [0296.075] malloc (_Size=0x64) returned 0x1d1338 [0296.075] GetCurrentThreadId () returned 0x1130 [0296.076] GetCurrentThreadId () returned 0x1130 [0296.076] GetCurrentThreadId () returned 0x1130 [0296.076] GetCurrentThreadId () returned 0x1130 [0296.076] GetCurrentThreadId () returned 0x1130 [0296.076] GetCurrentThreadId () returned 0x1130 [0296.076] free (_Block=0x1d1338) [0296.077] malloc (_Size=0x60) returned 0x1d1338 [0296.077] free (_Block=0x1d1338) [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x63f5 [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x63f5 [0296.077] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.077] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x63f5, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x63f5, lpOverlapped=0x0) returned 1 [0296.079] malloc (_Size=0x8c) returned 0x1d1338 [0296.079] malloc (_Size=0xfc) returned 0x31d77e0 [0296.079] malloc (_Size=0x40) returned 0x1d14e8 [0296.079] GetCurrentThreadId () returned 0x1130 [0296.079] GetCurrentThreadId () returned 0x1130 [0296.079] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.080] malloc (_Size=0x40) returned 0x1d7470 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] GetCurrentThreadId () returned 0x1130 [0296.080] malloc (_Size=0xc) returned 0x31e1e98 [0296.081] malloc (_Size=0x720) returned 0x31d2860 [0296.081] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.081] free (_Block=0x31d2860) [0296.081] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.083] free (_Block=0x1d9aa8) [0296.083] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.083] free (_Block=0x1da8f0) [0296.083] malloc (_Size=0x3274) returned 0x3a60048 [0296.083] free (_Block=0x1dbea8) [0296.083] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.083] free (_Block=0x3a60048) [0296.083] malloc (_Size=0x64e4) returned 0x3a60048 [0296.083] free (_Block=0x1d9aa8) [0296.083] malloc (_Size=0x8920) returned 0x3a66538 [0296.084] free (_Block=0x3a60048) [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.084] GetCurrentThreadId () returned 0x1130 [0296.088] free (_Block=0x31e40b0) [0296.088] free (_Block=0x1d14e8) [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.088] GetCurrentThreadId () returned 0x1130 [0296.089] GetCurrentThreadId () returned 0x1130 [0296.089] GetCurrentThreadId () returned 0x1130 [0296.089] GetCurrentThreadId () returned 0x1130 [0296.089] GetCurrentThreadId () returned 0x1130 [0296.089] GetCurrentThreadId () returned 0x1130 [0296.089] free (_Block=0x3a66538) [0296.089] free (_Block=0x31e1e98) [0296.089] free (_Block=0x1d7470) [0296.089] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c3008*, nNumberOfBytesToWrite=0x8782, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c3008*, lpNumberOfBytesWritten=0x19fbbc*=0x8782, lpOverlapped=0x0) returned 1 [0296.091] free (_Block=0x31d77e0) [0296.091] free (_Block=0x1d1338) [0296.091] CloseHandle (hObject=0x2b4) returned 1 [0296.091] CloseHandle (hObject=0x404) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.092] SetLastError (dwErrCode=0x0) [0296.092] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", lpFilePart=0x19f9f8*="0pg-C0nz.jpg") returned 0x24 [0296.092] GetLastError () returned 0x0 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.092] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.092] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.092] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\0pg-c0nz.jpg")) returned 1 [0296.095] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x3e)) [0296.095] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.095] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.096] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.096] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.096] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.096] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.096] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.096] CloseHandle (hObject=0x404) returned 1 [0296.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0pg-C0nz.jpg]omgp:[,di44+DAm|*Nr*Xw|fV4XZ\\63%g]", cchWideChar=53, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0296.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0pg-C0nz.jpg]omgp:[,di44+DAm|*Nr*Xw|fV4XZ\\63%g]", cchWideChar=53, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0296.096] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[0pg-C0nz.jpg]omgp:[,di44+DAm|*Nr*Xw|fV4XZ\\63%g]", cchWideChar=53, lpMultiByteStr=0x2516ad0, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[0pg-C0nz.jpg]omgp:[,di44+DAm|*Nr*Xw|fV4XZ\\63%g]", lpUsedDefaultChar=0x0) returned 53 [0296.104] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.104] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8=") returned 172 [0296.104] GetCurrentThreadId () returned 0x1130 [0296.104] GetCurrentThreadId () returned 0x1130 [0296.104] GetCurrentThreadId () returned 0x1130 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.104] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.104] SetLastError (dwErrCode=0x0) [0296.104] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320") returned 0x64 [0296.104] GetLastError () returned 0x0 [0296.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.105] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.105] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.105] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].wannacash ncov v310320")) returned 0x20 [0296.105] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1234].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x8782 [0296.105] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.105] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3") returned 197 [0296.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.106] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3") returned 197 [0296.106] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x8782 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.106] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NBtXMAkQRLZbacD5ay4WE5RMqIi2oRyv3GHl0hs2Miz+GzUDG7bmUPxrtCgKTOq2e5qubQb2Z9xPafoTyOVIHx4/7ufXwFwdmXwEWV7HvQ0zF/6QirFcJI2HajpEwDAdEFmbW0FHWJVcEVd/RZ8lRXF/KwfX1L1Av9KUIb/9iS8= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.106] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.106] CloseHandle (hObject=0x404) returned 1 [0296.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.107] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.112] SetLastError (dwErrCode=0x0) [0296.112] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", lpFilePart=0x19fa34*="0pg-C0nz.jpg") returned 0x24 [0296.112] GetLastError () returned 0x0 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=8) returned 1 [0296.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg", cchCount2=4) returned 1 [0296.112] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.112] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\0pg-c0nz.jpg")) returned 0 [0296.113] GetLastError () returned 0x2 [0296.113] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\0pg-C0nz.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\0pg-c0nz.jpg")) returned 0xffffffff [0296.113] SetLastError (dwErrCode=0x2) [0296.113] GetLastError () returned 0x2 [0296.113] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.113] LocalFree (hMem=0x92fe20) returned 0x0 [0296.113] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.113] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.113] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\4ygmbudd-liwqikghker.bmp")) returned 0x20 [0296.114] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39101974054) returned 1 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KFZ.<_t>h_!-U(dDHJ&gg_TCwRW", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0296.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KFZ.<_t>h_!-U(dDHJ&gg_TCwRW", cchWideChar=27, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 27 [0296.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="KFZ.<_t>h_!-U(dDHJ&gg_TCwRW", cchWideChar=27, lpMultiByteStr=0x2508f10, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="KFZ.<_t>h_!-U(dDHJ&gg_TCwRW", lpUsedDefaultChar=0x0) returned 27 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] GetCurrentThreadId () returned 0x1130 [0296.114] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\4ygmbudd-liwqikghker.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.114] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.115] GetCurrentThreadId () returned 0x1130 [0296.116] malloc (_Size=0x64) returned 0x1d1338 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] GetCurrentThreadId () returned 0x1130 [0296.116] free (_Block=0x1d1338) [0296.116] malloc (_Size=0x60) returned 0x1d1338 [0296.116] free (_Block=0x1d1338) [0296.116] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb446 [0296.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xb446 [0296.117] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.117] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xb446, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xb446, lpOverlapped=0x0) returned 1 [0296.118] malloc (_Size=0x8c) returned 0x1d1338 [0296.118] malloc (_Size=0xfc) returned 0x31d76d8 [0296.119] malloc (_Size=0x40) returned 0x1d14e8 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.119] malloc (_Size=0x40) returned 0x1d7470 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.119] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] GetCurrentThreadId () returned 0x1130 [0296.120] malloc (_Size=0xc) returned 0x31e1df0 [0296.120] malloc (_Size=0x720) returned 0x31d2860 [0296.120] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.120] free (_Block=0x31d2860) [0296.120] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.121] free (_Block=0x1d9aa8) [0296.121] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.121] free (_Block=0x1da8f0) [0296.121] malloc (_Size=0x3274) returned 0x3a60048 [0296.121] free (_Block=0x1dbea8) [0296.121] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.121] free (_Block=0x3a60048) [0296.121] malloc (_Size=0x64e4) returned 0x3a60048 [0296.121] free (_Block=0x1d9aa8) [0296.121] malloc (_Size=0x8920) returned 0x3a66538 [0296.121] free (_Block=0x3a60048) [0296.122] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.122] free (_Block=0x3a66538) [0296.122] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.122] free (_Block=0x3a6ee60) [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.122] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] free (_Block=0x31e40b0) [0296.123] free (_Block=0x1d14e8) [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.123] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] GetCurrentThreadId () returned 0x1130 [0296.125] free (_Block=0x3a7a9f8) [0296.126] free (_Block=0x31e1df0) [0296.126] free (_Block=0x1d7470) [0296.126] WriteFile (in: hFile=0x2b4, lpBuffer=0x39cd208*, nNumberOfBytesToWrite=0xf442, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39cd208*, lpNumberOfBytesWritten=0x19fbbc*=0xf442, lpOverlapped=0x0) returned 1 [0296.128] free (_Block=0x31d76d8) [0296.128] free (_Block=0x1d1338) [0296.128] CloseHandle (hObject=0x2b4) returned 1 [0296.129] CloseHandle (hObject=0x404) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.129] SetLastError (dwErrCode=0x0) [0296.129] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", lpFilePart=0x19f9f8*="4YgMbUDD-LIWQiKgHKER.bmp") returned 0x30 [0296.129] GetLastError () returned 0x0 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.129] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.130] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.130] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\4ygmbudd-liwqikghker.bmp")) returned 1 [0296.137] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x5e)) [0296.137] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.137] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.137] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.137] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.138] CloseHandle (hObject=0x404) returned 1 [0296.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[4YgMbUDD-LIWQiKgHKER.bmp]omgp:[KFZ.<_t>h_!-U(dDHJ&gg_TCwRW]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0296.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[4YgMbUDD-LIWQiKgHKER.bmp]omgp:[KFZ.<_t>h_!-U(dDHJ&gg_TCwRW]", cchWideChar=65, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0296.138] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[4YgMbUDD-LIWQiKgHKER.bmp]omgp:[KFZ.<_t>h_!-U(dDHJ&gg_TCwRW]", cchWideChar=65, lpMultiByteStr=0x2541cd8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[4YgMbUDD-LIWQiKgHKER.bmp]omgp:[KFZ.<_t>h_!-U(dDHJ&gg_TCwRW]", lpUsedDefaultChar=0x0) returned 65 [0296.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.148] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc=") returned 172 [0296.148] GetCurrentThreadId () returned 0x1130 [0296.148] GetCurrentThreadId () returned 0x1130 [0296.148] GetCurrentThreadId () returned 0x1130 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.148] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.148] SetLastError (dwErrCode=0x0) [0296.148] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320") returned 0x64 [0296.148] GetLastError () returned 0x0 [0296.149] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.149] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.149] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.149] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.149] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.149] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].wannacash ncov v310320")) returned 0x20 [0296.149] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1235].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.149] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.149] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.150] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xf442 [0296.150] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.150] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.150] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.150] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3") returned 197 [0296.150] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.150] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3") returned 197 [0296.150] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xf442 [0296.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.150] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.151] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:svQhwnA3ZXZ8J2Cz9sOh1mIVIhseYDJssjqsklejnsA33SXzA/hF/D25HAVnsKrKZCD0YuCGiJvbIl8FrLEY+JSiiW/ajhZK9oDUwam5yzC8t8bSsm/B0GH5dQiaK0jyd6vQTpQ3Pdb2lTn35jB/SvLozQXQkQWOpiQnJmr4VAc= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.151] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.151] CloseHandle (hObject=0x404) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.151] SetLastError (dwErrCode=0x0) [0296.151] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", lpFilePart=0x19fa34*="4YgMbUDD-LIWQiKgHKER.bmp") returned 0x30 [0296.151] GetLastError () returned 0x0 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.151] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=8) returned 1 [0296.152] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp", cchCount2=4) returned 1 [0296.152] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.152] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\4ygmbudd-liwqikghker.bmp")) returned 0 [0296.152] GetLastError () returned 0x2 [0296.152] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\4YgMbUDD-LIWQiKgHKER.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\4ygmbudd-liwqikghker.bmp")) returned 0xffffffff [0296.152] SetLastError (dwErrCode=0x2) [0296.152] GetLastError () returned 0x2 [0296.152] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.152] LocalFree (hMem=0x92fe20) returned 0x0 [0296.152] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.153] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.153] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\6rjk_a8.flv")) returned 0x20 [0296.153] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39105914549) returned 1 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0296.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3", cchWideChar=39, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0296.153] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3", cchWideChar=39, lpMultiByteStr=0x2524fd0, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="(pQg4@â\x84\x969ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3", lpUsedDefaultChar=0x0) returned 41 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] GetCurrentThreadId () returned 0x1130 [0296.153] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\6rjk_a8.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.154] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.158] GetCurrentThreadId () returned 0x1130 [0296.183] malloc (_Size=0x64) returned 0x1d1338 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] GetCurrentThreadId () returned 0x1130 [0296.184] free (_Block=0x1d1338) [0296.184] malloc (_Size=0x60) returned 0x1d1338 [0296.184] free (_Block=0x1d1338) [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xe184 [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xe184 [0296.184] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.185] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xe184, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xe184, lpOverlapped=0x0) returned 1 [0296.187] malloc (_Size=0x8c) returned 0x1d1338 [0296.187] malloc (_Size=0xfc) returned 0x31d71b0 [0296.187] malloc (_Size=0x40) returned 0x1d14e8 [0296.187] GetCurrentThreadId () returned 0x1130 [0296.187] GetCurrentThreadId () returned 0x1130 [0296.187] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.188] malloc (_Size=0x40) returned 0x1d7470 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] GetCurrentThreadId () returned 0x1130 [0296.188] malloc (_Size=0xc) returned 0x31e1eb0 [0296.188] malloc (_Size=0x720) returned 0x31d2860 [0296.189] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.189] free (_Block=0x31d2860) [0296.189] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.189] free (_Block=0x1d9aa8) [0296.189] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.189] free (_Block=0x1da8f0) [0296.189] malloc (_Size=0x3274) returned 0x3a60048 [0296.189] free (_Block=0x1dbea8) [0296.189] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.189] free (_Block=0x3a60048) [0296.189] malloc (_Size=0x64e4) returned 0x3a60048 [0296.189] free (_Block=0x1d9aa8) [0296.189] malloc (_Size=0x8920) returned 0x3a66538 [0296.189] free (_Block=0x3a60048) [0296.190] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.190] free (_Block=0x3a66538) [0296.190] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.190] free (_Block=0x3a6ee60) [0296.190] malloc (_Size=0x1533c) returned 0x3a60048 [0296.190] free (_Block=0x3a7a9f8) [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.190] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] free (_Block=0x31e40b0) [0296.191] free (_Block=0x1d14e8) [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] GetCurrentThreadId () returned 0x1130 [0296.191] free (_Block=0x3a60048) [0296.192] free (_Block=0x31e1eb0) [0296.192] free (_Block=0x1d7470) [0296.192] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d2c08*, nNumberOfBytesToWrite=0x1318c, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d2c08*, lpNumberOfBytesWritten=0x19fbbc*=0x1318c, lpOverlapped=0x0) returned 1 [0296.321] free (_Block=0x31d71b0) [0296.321] free (_Block=0x1d1338) [0296.322] CloseHandle (hObject=0x2b4) returned 1 [0296.322] CloseHandle (hObject=0x404) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.322] SetLastError (dwErrCode=0x0) [0296.322] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", lpFilePart=0x19f9f8*="6rjK_A8.flv") returned 0x23 [0296.322] GetLastError () returned 0x0 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.322] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.322] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.322] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\6rjk_a8.flv")) returned 1 [0296.373] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x157)) [0296.373] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.374] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.374] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.374] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.375] CloseHandle (hObject=0x404) returned 1 [0296.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6rjK_A8.flv]omgp:[(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0296.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6rjK_A8.flv]omgp:[(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3]", cchWideChar=64, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0296.375] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6rjK_A8.flv]omgp:[(pQg4@№9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3]", cchWideChar=64, lpMultiByteStr=0x2541d28, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[6rjK_A8.flv]omgp:[(pQg4@?9ZID:N\"5|lO%}3$jcJZ.~%GLd@^^WU:3]", lpUsedDefaultChar=0x0) returned 64 [0296.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.383] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE=") returned 172 [0296.383] GetCurrentThreadId () returned 0x1130 [0296.383] GetCurrentThreadId () returned 0x1130 [0296.383] GetCurrentThreadId () returned 0x1130 [0296.383] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.383] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.383] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.383] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.384] SetLastError (dwErrCode=0x0) [0296.384] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320") returned 0x64 [0296.384] GetLastError () returned 0x0 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.384] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.384] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.384] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].wannacash ncov v310320")) returned 0x20 [0296.384] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1236].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.384] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1318c [0296.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.385] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3") returned 197 [0296.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.385] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3") returned 197 [0296.385] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1318c [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.385] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:VSxAKrhEnbOisK4BzgCW9OsLpFQqYvndpP8UNe0rA4T6HLnR1orlIcHlmm/ou/09ngr6OILEXtQWi56i56kexO4e87DtulfJDc51tl67shVtFt0gwUvrgD/OZZKEca0W3PiMXazOXhZ1cuMWX+WzyDUdjYQZjgZ5vq0WJIpevAE= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.385] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.386] CloseHandle (hObject=0x404) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.386] SetLastError (dwErrCode=0x0) [0296.386] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", lpFilePart=0x19fa34*="6rjK_A8.flv") returned 0x23 [0296.386] GetLastError () returned 0x0 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=8) returned 1 [0296.386] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv", cchCount2=4) returned 1 [0296.386] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.386] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\6rjk_a8.flv")) returned 0 [0296.387] GetLastError () returned 0x2 [0296.387] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6rjK_A8.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\6rjk_a8.flv")) returned 0xffffffff [0296.387] SetLastError (dwErrCode=0x2) [0296.387] GetLastError () returned 0x2 [0296.387] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.387] LocalFree (hMem=0x92fe20) returned 0x0 [0296.387] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.388] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.388] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\6sk3y0tc-ha 9wor.bmp")) returned 0x20 [0296.388] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39129409203) returned 1 [0296.388] GetCurrentThreadId () returned 0x1130 [0296.388] GetCurrentThreadId () returned 0x1130 [0296.388] GetCurrentThreadId () returned 0x1130 [0296.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0296.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0296.388] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr=":-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p", cchWideChar=36, lpMultiByteStr=0x250f7b8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=":-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p\x11øP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0296.388] GetCurrentThreadId () returned 0x1130 [0296.389] GetCurrentThreadId () returned 0x1130 [0296.389] GetCurrentThreadId () returned 0x1130 [0296.389] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\6sk3y0tc-ha 9wor.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.389] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.389] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] malloc (_Size=0x64) returned 0x1d1338 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] GetCurrentThreadId () returned 0x1130 [0296.390] free (_Block=0x1d1338) [0296.390] malloc (_Size=0x60) returned 0x1d1338 [0296.391] free (_Block=0x1d1338) [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8f63 [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x8f63 [0296.391] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.391] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x8f63, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x8f63, lpOverlapped=0x0) returned 1 [0296.392] malloc (_Size=0x8c) returned 0x1d1338 [0296.392] malloc (_Size=0xfc) returned 0x31d77e0 [0296.392] malloc (_Size=0x40) returned 0x1d14e8 [0296.392] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.393] malloc (_Size=0x40) returned 0x1d7470 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] GetCurrentThreadId () returned 0x1130 [0296.393] malloc (_Size=0xc) returned 0x31e1ca0 [0296.393] malloc (_Size=0x720) returned 0x31d2860 [0296.394] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.394] free (_Block=0x31d2860) [0296.394] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.394] free (_Block=0x1d9aa8) [0296.394] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.394] free (_Block=0x1da8f0) [0296.394] malloc (_Size=0x3274) returned 0x3a60048 [0296.394] free (_Block=0x1dbea8) [0296.394] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.394] free (_Block=0x3a60048) [0296.394] malloc (_Size=0x64e4) returned 0x3a60048 [0296.394] free (_Block=0x1d9aa8) [0296.394] malloc (_Size=0x8920) returned 0x3a66538 [0296.394] free (_Block=0x3a60048) [0296.395] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.395] free (_Block=0x3a66538) [0296.395] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.395] free (_Block=0x3a6ee60) [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] GetCurrentThreadId () returned 0x1130 [0296.395] free (_Block=0x31e40b0) [0296.396] free (_Block=0x1d14e8) [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] GetCurrentThreadId () returned 0x1130 [0296.396] free (_Block=0x3a7a9f8) [0296.396] free (_Block=0x31e1ca0) [0296.396] free (_Block=0x1d7470) [0296.396] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c8808*, nNumberOfBytesToWrite=0xc256, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c8808*, lpNumberOfBytesWritten=0x19fbbc*=0xc256, lpOverlapped=0x0) returned 1 [0296.398] free (_Block=0x31d77e0) [0296.398] free (_Block=0x1d1338) [0296.398] CloseHandle (hObject=0x2b4) returned 1 [0296.399] CloseHandle (hObject=0x404) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.399] SetLastError (dwErrCode=0x0) [0296.399] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", lpFilePart=0x19f9f8*="6sk3Y0Tc-Ha 9wor.bmp") returned 0x2c [0296.399] GetLastError () returned 0x0 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.399] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.399] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.399] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\6sk3y0tc-ha 9wor.bmp")) returned 1 [0296.406] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x176)) [0296.406] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.406] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.407] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.407] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.407] CloseHandle (hObject=0x404) returned 1 [0296.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6sk3Y0Tc-Ha 9wor.bmp]omgp:[:-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0296.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6sk3Y0Tc-Ha 9wor.bmp]omgp:[:-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p]", cchWideChar=70, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 70 [0296.407] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[6sk3Y0Tc-Ha 9wor.bmp]omgp:[:-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p]", cchWideChar=70, lpMultiByteStr=0x252c6b0, cbMultiByte=70, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[6sk3Y0Tc-Ha 9wor.bmp]omgp:[:-8QN,uN&u.m9!I?2O3feh6\"_(&{V8H+;Y|p]l", lpUsedDefaultChar=0x0) returned 70 [0296.415] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.415] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0=") returned 172 [0296.415] GetCurrentThreadId () returned 0x1130 [0296.415] GetCurrentThreadId () returned 0x1130 [0296.415] GetCurrentThreadId () returned 0x1130 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.416] SetLastError (dwErrCode=0x0) [0296.416] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320") returned 0x64 [0296.416] GetLastError () returned 0x0 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.416] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.416] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].wannacash ncov v310320")) returned 0x20 [0296.416] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1237].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.416] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.417] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.417] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xc256 [0296.417] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.417] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.417] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.417] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3") returned 197 [0296.417] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.417] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3") returned 197 [0296.417] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xc256 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.417] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:wRvVBqbL80C76ZJ2umjRwat28y+oQz4vOonyhCEMw/CSwBOuHHcw+0ZAxZOg9hHU25XqZc2v7sAaP8D/GxVU314QVLkO+q2oSr0EuaQn2S01wW32x7D3eTcRlNW4gsaCeHSJp7rgTM/bGUJrnd2/Uaw/HWhTLqoKHgmDKaigMA0= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.418] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.418] CloseHandle (hObject=0x404) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.418] SetLastError (dwErrCode=0x0) [0296.418] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", lpFilePart=0x19fa34*="6sk3Y0Tc-Ha 9wor.bmp") returned 0x2c [0296.418] GetLastError () returned 0x0 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=8) returned 1 [0296.418] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp", cchCount2=4) returned 1 [0296.418] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.418] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\6sk3y0tc-ha 9wor.bmp")) returned 0 [0296.419] GetLastError () returned 0x2 [0296.419] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\6sk3Y0Tc-Ha 9wor.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\6sk3y0tc-ha 9wor.bmp")) returned 0xffffffff [0296.419] SetLastError (dwErrCode=0x2) [0296.419] GetLastError () returned 0x2 [0296.419] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.419] LocalFree (hMem=0x92fe20) returned 0x0 [0296.419] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.419] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.420] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\aolggstvwjkc.bmp")) returned 0x20 [0296.420] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39132597375) returned 1 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.420] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g", cchWideChar=47, lpMultiByteStr=0x25337d8, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g", lpUsedDefaultChar=0x0) returned 47 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] GetCurrentThreadId () returned 0x1130 [0296.420] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\aolggstvwjkc.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.420] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.421] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] malloc (_Size=0x64) returned 0x1d1338 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] GetCurrentThreadId () returned 0x1130 [0296.422] free (_Block=0x1d1338) [0296.422] malloc (_Size=0x60) returned 0x1d1338 [0296.422] free (_Block=0x1d1338) [0296.422] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.422] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e16 [0296.422] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.422] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.423] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x3e16 [0296.423] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.423] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x3e16, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x3e16, lpOverlapped=0x0) returned 1 [0296.424] malloc (_Size=0x8c) returned 0x1d1338 [0296.424] malloc (_Size=0xfc) returned 0x31d70a8 [0296.424] malloc (_Size=0x40) returned 0x1d14e8 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.424] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.424] malloc (_Size=0x40) returned 0x1d7470 [0296.424] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] GetCurrentThreadId () returned 0x1130 [0296.425] malloc (_Size=0xc) returned 0x31e1e20 [0296.425] malloc (_Size=0x720) returned 0x31d2860 [0296.425] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.425] free (_Block=0x31d2860) [0296.425] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.425] free (_Block=0x1d9aa8) [0296.425] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.425] free (_Block=0x1da8f0) [0296.425] malloc (_Size=0x3274) returned 0x3a60048 [0296.426] free (_Block=0x1dbea8) [0296.426] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.426] free (_Block=0x3a60048) [0296.426] malloc (_Size=0x64e4) returned 0x3a60048 [0296.426] free (_Block=0x1d9aa8) [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.426] GetCurrentThreadId () returned 0x1130 [0296.427] free (_Block=0x31e40b0) [0296.427] free (_Block=0x1d14e8) [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] GetCurrentThreadId () returned 0x1130 [0296.427] free (_Block=0x3a60048) [0296.427] free (_Block=0x31e1e20) [0296.427] free (_Block=0x1d7470) [0296.427] WriteFile (in: hFile=0x2b4, lpBuffer=0x39be508*, nNumberOfBytesToWrite=0x5438, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39be508*, lpNumberOfBytesWritten=0x19fbbc*=0x5438, lpOverlapped=0x0) returned 1 [0296.429] free (_Block=0x31d70a8) [0296.429] free (_Block=0x1d1338) [0296.429] CloseHandle (hObject=0x2b4) returned 1 [0296.429] CloseHandle (hObject=0x404) returned 1 [0296.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.429] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.430] SetLastError (dwErrCode=0x0) [0296.430] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", lpFilePart=0x19f9f8*="aoLgGstVwjKc.bmp") returned 0x28 [0296.430] GetLastError () returned 0x0 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.430] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.430] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.430] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\aolggstvwjkc.bmp")) returned 1 [0296.434] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x186)) [0296.434] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.434] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.434] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.434] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.434] CloseHandle (hObject=0x404) returned 1 [0296.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[aoLgGstVwjKc.bmp]omgp:[t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0296.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[aoLgGstVwjKc.bmp]omgp:[t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g]", cchWideChar=77, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 77 [0296.434] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[aoLgGstVwjKc.bmp]omgp:[t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g]", cchWideChar=77, lpMultiByteStr=0x251e1a8, cbMultiByte=77, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[aoLgGstVwjKc.bmp]omgp:[t\"im|i5>!YXv?Qfss}Ul4nQ8798.=~~A4aKKb18V^zwT)!g]", lpUsedDefaultChar=0x0) returned 77 [0296.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.443] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms=") returned 172 [0296.443] GetCurrentThreadId () returned 0x1130 [0296.443] GetCurrentThreadId () returned 0x1130 [0296.443] GetCurrentThreadId () returned 0x1130 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.443] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.443] SetLastError (dwErrCode=0x0) [0296.443] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320") returned 0x64 [0296.443] GetLastError () returned 0x0 [0296.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.444] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.444] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.444] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].wannacash ncov v310320")) returned 0x20 [0296.444] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1238].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x5438 [0296.444] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.444] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3") returned 197 [0296.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.445] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3") returned 197 [0296.445] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x5438 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.445] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:yJMyaeUMuGodnKSoY/+lXe989lR/Pb1TpWJ0U2lI8Vki5mX6yRS6EpEbBE0qMUKbxiqY/pbpzkEn24TnY5c8LTKc3o8LR+vp5jjiFXDdgA89WPSI6q5iZcv4kWIpPbW/qJayQDLPLjbjPCLCLkSNVCOQUeMJcp0h09qWJTbr6ms= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.445] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.445] CloseHandle (hObject=0x404) returned 1 [0296.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.445] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.446] SetLastError (dwErrCode=0x0) [0296.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", lpFilePart=0x19fa34*="aoLgGstVwjKc.bmp") returned 0x28 [0296.446] GetLastError () returned 0x0 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=8) returned 1 [0296.446] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp", cchCount2=4) returned 1 [0296.446] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.446] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\aolggstvwjkc.bmp")) returned 0 [0296.446] GetLastError () returned 0x2 [0296.446] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aoLgGstVwjKc.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\aolggstvwjkc.bmp")) returned 0xffffffff [0296.446] SetLastError (dwErrCode=0x2) [0296.446] GetLastError () returned 0x2 [0296.446] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.446] LocalFree (hMem=0x92fe20) returned 0x0 [0296.446] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.447] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.447] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\bqvxnpn8eoyhe9.flv")) returned 0x20 [0296.447] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39135312338) returned 1 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0296.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ", cchWideChar=29, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0296.447] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ", cchWideChar=29, lpMultiByteStr=0x250f7b8, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ", lpUsedDefaultChar=0x0) returned 29 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] GetCurrentThreadId () returned 0x1130 [0296.447] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\bqvxnpn8eoyhe9.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.447] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.448] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] malloc (_Size=0x64) returned 0x1d1338 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] GetCurrentThreadId () returned 0x1130 [0296.449] free (_Block=0x1d1338) [0296.449] malloc (_Size=0x60) returned 0x1d1338 [0296.449] free (_Block=0x1d1338) [0296.449] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.449] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6a2f [0296.449] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6a2f [0296.450] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.450] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x6a2f, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x6a2f, lpOverlapped=0x0) returned 1 [0296.452] malloc (_Size=0x8c) returned 0x1d1338 [0296.452] malloc (_Size=0xfc) returned 0x31d71b0 [0296.452] malloc (_Size=0x40) returned 0x1d14e8 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.452] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.453] malloc (_Size=0x40) returned 0x1d7470 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] GetCurrentThreadId () returned 0x1130 [0296.453] malloc (_Size=0xc) returned 0x31e1df0 [0296.453] malloc (_Size=0x720) returned 0x31d2860 [0296.453] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.453] free (_Block=0x31d2860) [0296.454] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.454] free (_Block=0x1d9aa8) [0296.454] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.454] free (_Block=0x1da8f0) [0296.454] malloc (_Size=0x3274) returned 0x3a60048 [0296.454] free (_Block=0x1dbea8) [0296.454] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.454] free (_Block=0x3a60048) [0296.454] malloc (_Size=0x64e4) returned 0x3a60048 [0296.454] free (_Block=0x1d9aa8) [0296.454] malloc (_Size=0x8920) returned 0x3a66538 [0296.454] free (_Block=0x3a60048) [0296.454] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.455] free (_Block=0x3a66538) [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] free (_Block=0x31e40b0) [0296.455] free (_Block=0x1d14e8) [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.455] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] GetCurrentThreadId () returned 0x1130 [0296.456] free (_Block=0x3a6ee60) [0296.457] free (_Block=0x31e1df0) [0296.457] free (_Block=0x1d7470) [0296.457] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c3e08*, nNumberOfBytesToWrite=0x8fe3, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c3e08*, lpNumberOfBytesWritten=0x19fbbc*=0x8fe3, lpOverlapped=0x0) returned 1 [0296.458] free (_Block=0x31d71b0) [0296.459] free (_Block=0x1d1338) [0296.459] CloseHandle (hObject=0x2b4) returned 1 [0296.459] CloseHandle (hObject=0x404) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.459] SetLastError (dwErrCode=0x0) [0296.459] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", lpFilePart=0x19f9f8*="BqVxnpn8eoYhe9.flv") returned 0x2a [0296.459] GetLastError () returned 0x0 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.459] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.459] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.459] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\bqvxnpn8eoyhe9.flv")) returned 1 [0296.463] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x1a5)) [0296.463] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.463] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.463] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.463] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.463] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.463] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.463] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.463] CloseHandle (hObject=0x404) returned 1 [0296.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BqVxnpn8eoYhe9.flv]omgp:[kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0296.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BqVxnpn8eoYhe9.flv]omgp:[kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ]", cchWideChar=61, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0296.463] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[BqVxnpn8eoYhe9.flv]omgp:[kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ]", cchWideChar=61, lpMultiByteStr=0x2541cd8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[BqVxnpn8eoYhe9.flv]omgp:[kl?.2r~\"GW*uCC?Y9oB!T:Z-PICFJ]", lpUsedDefaultChar=0x0) returned 61 [0296.472] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.472] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg=") returned 172 [0296.472] GetCurrentThreadId () returned 0x1130 [0296.472] GetCurrentThreadId () returned 0x1130 [0296.472] GetCurrentThreadId () returned 0x1130 [0296.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.472] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.473] SetLastError (dwErrCode=0x0) [0296.473] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320") returned 0x64 [0296.473] GetLastError () returned 0x0 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.473] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.473] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.473] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].wannacash ncov v310320")) returned 0x20 [0296.473] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1239].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.473] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.473] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x8fe3 [0296.474] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.474] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.474] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.474] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.474] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.474] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.475] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.475] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3") returned 197 [0296.475] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.475] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3") returned 197 [0296.475] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x8fe3 [0296.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.476] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:WDeKzRNnhZg/VP2dzD7SpUViyqUnGBKhP8nL6KWtngJAri404ptcxz8B412U2tLhe6NH7t2nxVObIGHzRQBf1np8sKcrkDrwUsC54rHFZ5qR0jqoPuP5S2RMcZenmuflaz+vB3Ai7zArHBqYFSoXQntZaikYIfrSWrM3dqb8gDg= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.476] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.476] CloseHandle (hObject=0x404) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.476] SetLastError (dwErrCode=0x0) [0296.476] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", lpFilePart=0x19fa34*="BqVxnpn8eoYhe9.flv") returned 0x2a [0296.476] GetLastError () returned 0x0 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.476] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=8) returned 1 [0296.477] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv", cchCount2=4) returned 1 [0296.477] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.477] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\bqvxnpn8eoyhe9.flv")) returned 0 [0296.477] GetLastError () returned 0x2 [0296.477] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\BqVxnpn8eoYhe9.flv" (normalized: "c:\\users\\fd1hvy\\desktop\\bqvxnpn8eoyhe9.flv")) returned 0xffffffff [0296.477] SetLastError (dwErrCode=0x2) [0296.477] GetLastError () returned 0x2 [0296.477] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.477] LocalFree (hMem=0x92fe20) returned 0x0 [0296.477] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.477] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.478] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\c4x5vkqjpzsqb.gif")) returned 0x20 [0296.478] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39138391435) returned 1 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W", cchWideChar=45, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.478] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W", cchWideChar=45, lpMultiByteStr=0x2533798, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RYWP-iKp2KHâ\x84\x96`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W", lpUsedDefaultChar=0x0) returned 47 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] GetCurrentThreadId () returned 0x1130 [0296.478] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\c4x5vkqjpzsqb.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.478] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.558] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] malloc (_Size=0x64) returned 0x1d1338 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] GetCurrentThreadId () returned 0x1130 [0296.559] free (_Block=0x1d1338) [0296.559] malloc (_Size=0x60) returned 0x1d1338 [0296.559] free (_Block=0x1d1338) [0296.559] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xf0c1 [0296.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.560] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xf0c1 [0296.562] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.562] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xf0c1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xf0c1, lpOverlapped=0x0) returned 1 [0296.564] malloc (_Size=0x8c) returned 0x1d1338 [0296.564] malloc (_Size=0xfc) returned 0x31d7e10 [0296.564] malloc (_Size=0x40) returned 0x1d14e8 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.564] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.565] malloc (_Size=0x40) returned 0x1d7470 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.565] GetCurrentThreadId () returned 0x1130 [0296.566] malloc (_Size=0xc) returned 0x31e1e80 [0296.566] malloc (_Size=0x720) returned 0x31d2860 [0296.566] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.566] free (_Block=0x31d2860) [0296.566] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.566] free (_Block=0x1d9aa8) [0296.567] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.567] free (_Block=0x1da8f0) [0296.567] malloc (_Size=0x3274) returned 0x3a60048 [0296.567] free (_Block=0x1dbea8) [0296.567] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.567] free (_Block=0x3a60048) [0296.568] malloc (_Size=0x64e4) returned 0x3a60048 [0296.568] free (_Block=0x1d9aa8) [0296.568] malloc (_Size=0x8920) returned 0x3a66538 [0296.568] free (_Block=0x3a60048) [0296.568] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.568] free (_Block=0x3a66538) [0296.569] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.569] free (_Block=0x3a6ee60) [0296.569] malloc (_Size=0x1533c) returned 0x3a60048 [0296.569] free (_Block=0x3a7a9f8) [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.569] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] free (_Block=0x31e40b0) [0296.570] free (_Block=0x1d14e8) [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.570] GetCurrentThreadId () returned 0x1130 [0296.571] GetCurrentThreadId () returned 0x1130 [0296.571] GetCurrentThreadId () returned 0x1130 [0296.571] GetCurrentThreadId () returned 0x1130 [0296.571] free (_Block=0x3a60048) [0296.572] free (_Block=0x31e1e80) [0296.572] free (_Block=0x1d7470) [0296.572] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d4a08*, nNumberOfBytesToWrite=0x14631, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d4a08*, lpNumberOfBytesWritten=0x19fbbc*=0x14631, lpOverlapped=0x0) returned 1 [0296.573] free (_Block=0x31d7e10) [0296.574] free (_Block=0x1d1338) [0296.574] CloseHandle (hObject=0x2b4) returned 1 [0296.574] CloseHandle (hObject=0x404) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.574] SetLastError (dwErrCode=0x0) [0296.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", lpFilePart=0x19f9f8*="c4X5vkqJpZsQb.gif") returned 0x29 [0296.574] GetLastError () returned 0x0 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.574] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.574] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.575] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\c4x5vkqjpzsqb.gif")) returned 1 [0296.577] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x222)) [0296.577] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.577] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.577] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.578] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.578] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.578] CloseHandle (hObject=0x404) returned 1 [0296.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c4X5vkqJpZsQb.gif]omgp:[RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0296.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c4X5vkqJpZsQb.gif]omgp:[RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W]", cchWideChar=76, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 76 [0296.578] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[c4X5vkqJpZsQb.gif]omgp:[RYWP-iKp2KH№`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W]", cchWideChar=76, lpMultiByteStr=0x252c6b0, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[c4X5vkqJpZsQb.gif]omgp:[RYWP-iKp2KH?`w/MAdsiHq7b:~74y~_sHvY9P#r5gz!%W]YÇR\x02\x01", lpUsedDefaultChar=0x0) returned 76 [0296.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.586] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo=") returned 172 [0296.586] GetCurrentThreadId () returned 0x1130 [0296.586] GetCurrentThreadId () returned 0x1130 [0296.586] GetCurrentThreadId () returned 0x1130 [0296.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.586] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.587] SetLastError (dwErrCode=0x0) [0296.587] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320") returned 0x64 [0296.587] GetLastError () returned 0x0 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.587] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.587] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.587] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].wannacash ncov v310320")) returned 0x20 [0296.587] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1240].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.587] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x14631 [0296.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.588] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3") returned 197 [0296.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.588] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3") returned 197 [0296.588] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x14631 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.588] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:k7PFU7jNfnc4Sv93yzxrSnzlrEXtI72rgVdnxgwnqDkLClYAb6YmLkrXR9VpuENL/tEzFoX0i/WLQ2XdoUMfQ8ogIpY30h6uSXF+9kP7n+mF1PvnItg1JAupqDJgmpUnBvkCtTPzzVuz8k2z6LRUTCe4nJE7KpSiyN//+DtGjEo= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.588] WriteFile (in: hFile=0x404, lpBuffer=0x246cf98*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cf98*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.589] CloseHandle (hObject=0x404) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.589] SetLastError (dwErrCode=0x0) [0296.589] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", lpFilePart=0x19fa34*="c4X5vkqJpZsQb.gif") returned 0x29 [0296.589] GetLastError () returned 0x0 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=8) returned 1 [0296.589] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif", cchCount2=4) returned 1 [0296.589] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.590] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\c4x5vkqjpzsqb.gif")) returned 0 [0296.590] GetLastError () returned 0x2 [0296.590] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\c4X5vkqJpZsQb.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\c4x5vkqjpzsqb.gif")) returned 0xffffffff [0296.590] SetLastError (dwErrCode=0x2) [0296.590] GetLastError () returned 0x2 [0296.590] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.590] LocalFree (hMem=0x92fe20) returned 0x0 [0296.590] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.590] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.590] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\e4si8fiarp6jkp.avi")) returned 0x20 [0296.591] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39149674605) returned 1 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0296.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*", cchWideChar=40, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0296.591] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*", cchWideChar=40, lpMultiByteStr=0x2525040, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*", lpUsedDefaultChar=0x0) returned 40 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] GetCurrentThreadId () returned 0x1130 [0296.591] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\e4si8fiarp6jkp.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.591] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.607] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] malloc (_Size=0x64) returned 0x1d1338 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] GetCurrentThreadId () returned 0x1130 [0296.608] free (_Block=0x1d1338) [0296.608] malloc (_Size=0x60) returned 0x1d1338 [0296.608] free (_Block=0x1d1338) [0296.608] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.608] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xebea [0296.608] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0xebea [0296.609] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.609] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0xebea, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0xebea, lpOverlapped=0x0) returned 1 [0296.610] malloc (_Size=0x8c) returned 0x1d1338 [0296.610] malloc (_Size=0xfc) returned 0x31d74c8 [0296.610] malloc (_Size=0x40) returned 0x1d14e8 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.611] malloc (_Size=0x40) returned 0x1d7470 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.611] GetCurrentThreadId () returned 0x1130 [0296.612] malloc (_Size=0xc) returned 0x31e1ec8 [0296.612] malloc (_Size=0x720) returned 0x31d2860 [0296.612] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.612] free (_Block=0x31d2860) [0296.612] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.612] free (_Block=0x1d9aa8) [0296.612] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.612] free (_Block=0x1da8f0) [0296.612] malloc (_Size=0x3274) returned 0x3a60048 [0296.613] free (_Block=0x1dbea8) [0296.613] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.613] free (_Block=0x3a60048) [0296.613] malloc (_Size=0x64e4) returned 0x3a60048 [0296.613] free (_Block=0x1d9aa8) [0296.613] malloc (_Size=0x8920) returned 0x3a66538 [0296.614] free (_Block=0x3a60048) [0296.614] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.614] free (_Block=0x3a66538) [0296.614] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.614] free (_Block=0x3a6ee60) [0296.615] malloc (_Size=0x1533c) returned 0x3a60048 [0296.615] free (_Block=0x3a7a9f8) [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] GetCurrentThreadId () returned 0x1130 [0296.615] free (_Block=0x31e40b0) [0296.616] free (_Block=0x1d14e8) [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] GetCurrentThreadId () returned 0x1130 [0296.616] free (_Block=0x3a60048) [0296.617] free (_Block=0x31e1ec8) [0296.617] free (_Block=0x1d7470) [0296.617] WriteFile (in: hFile=0x2b4, lpBuffer=0x39d4008*, nNumberOfBytesToWrite=0x13f97, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39d4008*, lpNumberOfBytesWritten=0x19fbbc*=0x13f97, lpOverlapped=0x0) returned 1 [0296.619] free (_Block=0x31d74c8) [0296.620] free (_Block=0x1d1338) [0296.620] CloseHandle (hObject=0x2b4) returned 1 [0296.620] CloseHandle (hObject=0x404) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.620] SetLastError (dwErrCode=0x0) [0296.620] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", lpFilePart=0x19f9f8*="e4SI8Fiarp6jkp.avi") returned 0x2a [0296.620] GetLastError () returned 0x0 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.620] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.620] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.621] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\e4si8fiarp6jkp.avi")) returned 1 [0296.625] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x253)) [0296.625] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.625] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.626] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.626] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.626] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.626] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.626] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.626] CloseHandle (hObject=0x404) returned 1 [0296.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[e4SI8Fiarp6jkp.avi]omgp:[<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0296.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[e4SI8Fiarp6jkp.avi]omgp:[<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*]", cchWideChar=72, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 72 [0296.626] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[e4SI8Fiarp6jkp.avi]omgp:[<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*]", cchWideChar=72, lpMultiByteStr=0x252c6b0, cbMultiByte=72, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[e4SI8Fiarp6jkp.avi]omgp:[<,G4dAZs,k5+1gb%O}#Y;B2j/z_a43sd&`;79Z\"*]!%W]YÇR\x02\x01", lpUsedDefaultChar=0x0) returned 72 [0296.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.635] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik=") returned 172 [0296.635] GetCurrentThreadId () returned 0x1130 [0296.635] GetCurrentThreadId () returned 0x1130 [0296.635] GetCurrentThreadId () returned 0x1130 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.636] SetLastError (dwErrCode=0x0) [0296.636] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320") returned 0x64 [0296.636] GetLastError () returned 0x0 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.636] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.636] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].wannacash ncov v310320")) returned 0x20 [0296.636] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1241].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x13f97 [0296.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.637] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.637] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.637] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3") returned 197 [0296.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.637] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3") returned 197 [0296.637] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x13f97 [0296.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.638] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:mQ8CWoKjDltOhhgxnEEi/KOlp+mHBdvXFv2sWioBnaFOqM5xg/N+drDaU0cBfSqMLC5pU/1UJ12cFcAtgac0/OjkSo7y/oRZ2YD5s1U1wNEqDFwuyf5Pgo1sKkm9YMONpouh/tvF1+2FYKdPLkUBsCzATCkoG4sGJ8N62BoXDik= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.638] WriteFile (in: hFile=0x404, lpBuffer=0x246d078*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246d078*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.639] CloseHandle (hObject=0x404) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.639] SetLastError (dwErrCode=0x0) [0296.639] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", lpFilePart=0x19fa34*="e4SI8Fiarp6jkp.avi") returned 0x2a [0296.639] GetLastError () returned 0x0 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=8) returned 1 [0296.639] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi", cchCount2=4) returned 1 [0296.640] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.640] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\e4si8fiarp6jkp.avi")) returned 0 [0296.640] GetLastError () returned 0x2 [0296.640] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\e4SI8Fiarp6jkp.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\e4si8fiarp6jkp.avi")) returned 0xffffffff [0296.640] SetLastError (dwErrCode=0x2) [0296.640] GetLastError () returned 0x2 [0296.640] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.640] LocalFree (hMem=0x92fe20) returned 0x0 [0296.640] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.640] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.641] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\g8g1y46ies9f0.bmp")) returned 0x20 [0296.641] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39154687238) returned 1 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8", cchWideChar=47, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0296.641] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8", cchWideChar=47, lpMultiByteStr=0x2533798, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8", lpUsedDefaultChar=0x0) returned 47 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] GetCurrentThreadId () returned 0x1130 [0296.641] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\g8g1y46ies9f0.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.641] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.642] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] malloc (_Size=0x64) returned 0x1d1338 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] GetCurrentThreadId () returned 0x1130 [0296.643] free (_Block=0x1d1338) [0296.643] malloc (_Size=0x60) returned 0x1d1338 [0296.643] free (_Block=0x1d1338) [0296.643] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x14dcc [0296.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x14dcc [0296.644] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.644] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x14dcc, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x14dcc, lpOverlapped=0x0) returned 1 [0296.646] malloc (_Size=0x8c) returned 0x1d1338 [0296.646] malloc (_Size=0xfc) returned 0x31d79f0 [0296.646] malloc (_Size=0x40) returned 0x1d14e8 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] GetCurrentThreadId () returned 0x1130 [0296.646] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.646] malloc (_Size=0x40) returned 0x1d7470 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] GetCurrentThreadId () returned 0x1130 [0296.647] malloc (_Size=0xc) returned 0x31e1ca0 [0296.647] malloc (_Size=0x720) returned 0x31d2860 [0296.647] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.648] free (_Block=0x31d2860) [0296.648] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.648] free (_Block=0x1d9aa8) [0296.648] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.648] free (_Block=0x1da8f0) [0296.648] malloc (_Size=0x3274) returned 0x3a60048 [0296.649] free (_Block=0x1dbea8) [0296.649] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.649] free (_Block=0x3a60048) [0296.649] malloc (_Size=0x64e4) returned 0x3a60048 [0296.649] free (_Block=0x1d9aa8) [0296.649] malloc (_Size=0x8920) returned 0x3a66538 [0296.650] free (_Block=0x3a60048) [0296.650] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.650] free (_Block=0x3a66538) [0296.651] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.651] free (_Block=0x3a6ee60) [0296.651] malloc (_Size=0x1533c) returned 0x3a60048 [0296.652] free (_Block=0x3a7a9f8) [0296.652] malloc (_Size=0x1c704) returned 0x3a75390 [0296.652] free (_Block=0x3a60048) [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.652] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] free (_Block=0x31e40b0) [0296.653] free (_Block=0x1d14e8) [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.653] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] GetCurrentThreadId () returned 0x1130 [0296.654] free (_Block=0x3a75390) [0296.654] free (_Block=0x31e1ca0) [0296.654] free (_Block=0x1d7470) [0296.655] WriteFile (in: hFile=0x2b4, lpBuffer=0x39e0408*, nNumberOfBytesToWrite=0x1c421, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39e0408*, lpNumberOfBytesWritten=0x19fbbc*=0x1c421, lpOverlapped=0x0) returned 1 [0296.659] free (_Block=0x31d79f0) [0296.659] free (_Block=0x1d1338) [0296.660] CloseHandle (hObject=0x2b4) returned 1 [0296.660] CloseHandle (hObject=0x404) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.660] SetLastError (dwErrCode=0x0) [0296.660] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", lpFilePart=0x19f9f8*="G8g1y46IES9F0.bmp") returned 0x29 [0296.660] GetLastError () returned 0x0 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.660] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.660] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.661] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\g8g1y46ies9f0.bmp")) returned 1 [0296.665] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x272)) [0296.665] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.665] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.666] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.666] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.666] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.666] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.666] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.666] CloseHandle (hObject=0x404) returned 1 [0296.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[G8g1y46IES9F0.bmp]omgp:[`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0296.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[G8g1y46IES9F0.bmp]omgp:[`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8]", cchWideChar=78, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 78 [0296.666] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[G8g1y46IES9F0.bmp]omgp:[`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8]", cchWideChar=78, lpMultiByteStr=0x251e1a8, cbMultiByte=78, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[G8g1y46IES9F0.bmp]omgp:[`F.qLo@J2R^KURzL`._VL}6ls;$4Lh<8f+ESfRI)#MwM~n8]3", lpUsedDefaultChar=0x0) returned 78 [0296.675] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.675] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24340c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk=") returned 172 [0296.675] GetCurrentThreadId () returned 0x1130 [0296.675] GetCurrentThreadId () returned 0x1130 [0296.675] GetCurrentThreadId () returned 0x1130 [0296.675] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.675] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.675] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.675] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.676] SetLastError (dwErrCode=0x0) [0296.676] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320") returned 0x64 [0296.676] GetLastError () returned 0x0 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.676] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.676] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.676] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].wannacash ncov v310320")) returned 0x20 [0296.676] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1242].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.676] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x1c421 [0296.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.677] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3") returned 197 [0296.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.677] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3") returned 197 [0296.677] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x1c421 [0296.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.677] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.678] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:Bcj3PeGufIyC/KA7bR84UN4cyZEChHt3c063NkdpWmoZ5KyRBCqW48TLTdAMMo1Q/VbMRVOml85JJA+l+0hnYdrpshxAZbIaDoBdeA6s7r36q4JZFJnKj5rXqRECc4mWoqNEkHIP1EhFPNr14vWh2PTJANDohIYeMbmiTxX50hk= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.678] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.678] CloseHandle (hObject=0x404) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.678] SetLastError (dwErrCode=0x0) [0296.678] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", lpFilePart=0x19fa34*="G8g1y46IES9F0.bmp") returned 0x29 [0296.678] GetLastError () returned 0x0 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=8) returned 1 [0296.678] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp", cchCount2=4) returned 1 [0296.678] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.679] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\g8g1y46ies9f0.bmp")) returned 0 [0296.679] GetLastError () returned 0x2 [0296.679] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\G8g1y46IES9F0.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\g8g1y46ies9f0.bmp")) returned 0xffffffff [0296.679] SetLastError (dwErrCode=0x2) [0296.679] GetLastError () returned 0x2 [0296.679] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.679] LocalFree (hMem=0x92fe20) returned 0x0 [0296.679] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.679] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.679] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\ik-p48_9ob0 btsyt.gif")) returned 0x20 [0296.680] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39158583267) returned 1 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0296.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!", cchWideChar=28, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0296.680] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!", cchWideChar=28, lpMultiByteStr=0x2508420, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!\x10\x80P\x02¸\x88O", lpUsedDefaultChar=0x0) returned 28 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] GetCurrentThreadId () returned 0x1130 [0296.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\ik-p48_9ob0 btsyt.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] GetCurrentThreadId () returned 0x1130 [0296.681] malloc (_Size=0x64) returned 0x1d1338 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] GetCurrentThreadId () returned 0x1130 [0296.682] free (_Block=0x1d1338) [0296.682] malloc (_Size=0x60) returned 0x1d1338 [0296.682] free (_Block=0x1d1338) [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x9a64 [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x9a64 [0296.682] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0296.683] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x9a64, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x9a64, lpOverlapped=0x0) returned 1 [0296.684] malloc (_Size=0x8c) returned 0x1d1338 [0296.684] malloc (_Size=0xfc) returned 0x31d71b0 [0296.684] malloc (_Size=0x40) returned 0x1d14e8 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] GetCurrentThreadId () returned 0x1130 [0296.684] malloc (_Size=0xa5c) returned 0x31e40b0 [0296.685] malloc (_Size=0x40) returned 0x1d7470 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] GetCurrentThreadId () returned 0x1130 [0296.685] malloc (_Size=0xc) returned 0x31e1e50 [0296.685] malloc (_Size=0x720) returned 0x31d2860 [0296.685] malloc (_Size=0xe3c) returned 0x1d9aa8 [0296.686] free (_Block=0x31d2860) [0296.686] malloc (_Size=0x15ac) returned 0x1da8f0 [0296.686] free (_Block=0x1d9aa8) [0296.686] malloc (_Size=0x23e4) returned 0x1dbea8 [0296.686] free (_Block=0x1da8f0) [0296.686] malloc (_Size=0x3274) returned 0x3a60048 [0296.690] free (_Block=0x1dbea8) [0296.690] malloc (_Size=0x4820) returned 0x1d9aa8 [0296.690] free (_Block=0x3a60048) [0296.690] malloc (_Size=0x64e4) returned 0x3a60048 [0296.690] free (_Block=0x1d9aa8) [0296.691] malloc (_Size=0x8920) returned 0x3a66538 [0296.691] free (_Block=0x3a60048) [0296.691] malloc (_Size=0xbb90) returned 0x3a6ee60 [0296.692] free (_Block=0x3a66538) [0296.692] malloc (_Size=0xfc90) returned 0x3a7a9f8 [0296.693] free (_Block=0x3a6ee60) [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] free (_Block=0x31e40b0) [0296.693] free (_Block=0x1d14e8) [0296.693] GetCurrentThreadId () returned 0x1130 [0296.693] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] GetCurrentThreadId () returned 0x1130 [0296.694] free (_Block=0x3a7a9f8) [0296.695] free (_Block=0x31e1e50) [0296.695] free (_Block=0x1d7470) [0296.695] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c9e08*, nNumberOfBytesToWrite=0xd138, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c9e08*, lpNumberOfBytesWritten=0x19fbbc*=0xd138, lpOverlapped=0x0) returned 1 [0296.697] free (_Block=0x31d71b0) [0296.697] free (_Block=0x1d1338) [0296.697] CloseHandle (hObject=0x2b4) returned 1 [0296.697] CloseHandle (hObject=0x404) returned 1 [0296.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.697] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.698] SetLastError (dwErrCode=0x0) [0296.698] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", lpFilePart=0x19f9f8*="IK-p48_9ob0 btSyt.gif") returned 0x2d [0296.698] GetLastError () returned 0x0 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.698] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.698] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.698] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\ik-p48_9ob0 btsyt.gif")) returned 1 [0296.700] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x292)) [0296.700] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0296.700] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.700] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0296.700] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.700] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0296.700] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0296.722] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0296.722] CloseHandle (hObject=0x404) returned 1 [0296.722] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[IK-p48_9ob0 btSyt.gif]omgp:[R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0296.722] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[IK-p48_9ob0 btSyt.gif]omgp:[R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!]", cchWideChar=63, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 63 [0296.722] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[IK-p48_9ob0 btSyt.gif]omgp:[R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!]", cchWideChar=63, lpMultiByteStr=0x2541cd8, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[IK-p48_9ob0 btSyt.gif]omgp:[R|oJWRRqi4_oGI?Qhc;?%Sm`%V_!]", lpUsedDefaultChar=0x0) returned 63 [0296.732] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0296.732] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e5bc, cchWideChar=172 | out: lpWideCharStr="ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ=") returned 172 [0296.732] GetCurrentThreadId () returned 0x1130 [0296.734] GetCurrentThreadId () returned 0x1130 [0296.734] GetCurrentThreadId () returned 0x1130 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.734] SetLastError (dwErrCode=0x0) [0296.734] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320") returned 0x64 [0296.734] GetLastError () returned 0x0 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.734] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0296.735] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0296.735] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.735] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].wannacash ncov v310320")) returned 0x20 [0296.735] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1243].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0296.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0xd138 [0296.736] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0296.736] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0296.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.736] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.736] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x2455edc, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3") returned 197 [0296.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0296.737] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3") returned 197 [0296.737] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0xd138 [0296.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0296.737] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cdd8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:ZIb4r4CSZ7Vjfj+Tv/17llMsyZ7RbyslKbU/pTVw87LWtlx1G8hNtqK00tiIcGKkQ178Pj1CIw6BVWn5ZUxyDwKht2DuhyUmo0LH61PGTIZga/OIv4OHdLQMrg2LwdDxOpAykMHqkCEXm3SnNz6l0Nekdq9Ta3bu8JpNShG+8BQ= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0296.737] WriteFile (in: hFile=0x404, lpBuffer=0x246cdd8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246cdd8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0296.737] CloseHandle (hObject=0x404) returned 1 [0296.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.737] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.738] SetLastError (dwErrCode=0x0) [0296.738] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", lpFilePart=0x19fa34*="IK-p48_9ob0 btSyt.gif") returned 0x2d [0296.738] GetLastError () returned 0x0 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=8) returned 1 [0296.738] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif", cchCount2=4) returned 1 [0296.738] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 0x11 [0296.738] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\ik-p48_9ob0 btsyt.gif")) returned 0 [0296.738] GetLastError () returned 0x2 [0296.738] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\IK-p48_9ob0 btSyt.gif" (normalized: "c:\\users\\fd1hvy\\desktop\\ik-p48_9ob0 btsyt.gif")) returned 0xffffffff [0296.738] SetLastError (dwErrCode=0x2) [0296.738] GetLastError () returned 0x2 [0296.738] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0296.739] LocalFree (hMem=0x92fe20) returned 0x0 [0296.739] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0296.739] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0296.740] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\kbukw_pa9s_.png" (normalized: "c:\\users\\fd1hvy\\desktop\\kbukw_pa9s_.png")) returned 0x20 [0296.740] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39164598009) returned 1 [0296.740] GetCurrentThreadId () returned 0x1130 [0296.740] GetCurrentThreadId () returned 0x1130 [0296.740] GetCurrentThreadId () returned 0x1130 [0296.740] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Z--ii9^snDJwj`fg`b-.!W^", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0296.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^", cchWideChar=36, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0296.997] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^", cchWideChar=36, lpMultiByteStr=0x250f7e8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^AøP\x02\x01", lpUsedDefaultChar=0x0) returned 36 [0296.998] GetCurrentThreadId () returned 0x1130 [0296.998] GetCurrentThreadId () returned 0x1130 [0296.998] GetCurrentThreadId () returned 0x1130 [0296.998] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\8exrr_coy pxl.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0296.998] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] malloc (_Size=0x64) returned 0x31d2e38 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] GetCurrentThreadId () returned 0x1130 [0296.999] free (_Block=0x31d2e38) [0297.000] malloc (_Size=0x60) returned 0x1d1338 [0297.000] free (_Block=0x1d1338) [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6db1 [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x6db1 [0297.000] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbb4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbb4*=0) returned 0x0 [0297.000] ReadFile (in: hFile=0x404, lpBuffer=0x39b67a8, nNumberOfBytesToRead=0x6db1, lpNumberOfBytesRead=0x19fbc8, lpOverlapped=0x0 | out: lpBuffer=0x39b67a8*, lpNumberOfBytesRead=0x19fbc8*=0x6db1, lpOverlapped=0x0) returned 1 [0297.001] malloc (_Size=0x8c) returned 0x1d1338 [0297.001] malloc (_Size=0xfc) returned 0x31d7c00 [0297.001] malloc (_Size=0x40) returned 0x1d14e8 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.001] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] malloc (_Size=0xa5c) returned 0x31e40b0 [0297.002] malloc (_Size=0x40) returned 0x1d7470 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] GetCurrentThreadId () returned 0x1130 [0297.002] malloc (_Size=0xc) returned 0x31e1dc0 [0297.002] malloc (_Size=0x720) returned 0x1d9aa8 [0297.002] malloc (_Size=0xe3c) returned 0x1da1d0 [0297.002] free (_Block=0x1d9aa8) [0297.003] malloc (_Size=0x15ac) returned 0x1db018 [0297.003] free (_Block=0x1da1d0) [0297.003] malloc (_Size=0x23e4) returned 0x1dc5d0 [0297.003] free (_Block=0x1db018) [0297.003] malloc (_Size=0x3274) returned 0x3a60048 [0297.003] free (_Block=0x1dc5d0) [0297.003] malloc (_Size=0x4820) returned 0x1d9aa8 [0297.003] free (_Block=0x3a60048) [0297.003] malloc (_Size=0x64e4) returned 0x3a60048 [0297.003] free (_Block=0x1d9aa8) [0297.003] malloc (_Size=0x8920) returned 0x3a66538 [0297.004] free (_Block=0x3a60048) [0297.004] malloc (_Size=0xbb90) returned 0x3a6ee60 [0297.004] free (_Block=0x3a66538) [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] GetCurrentThreadId () returned 0x1130 [0297.004] free (_Block=0x31e40b0) [0297.004] free (_Block=0x1d14e8) [0297.004] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] GetCurrentThreadId () returned 0x1130 [0297.005] free (_Block=0x3a6ee60) [0297.006] free (_Block=0x31e1dc0) [0297.006] free (_Block=0x1d7470) [0297.006] WriteFile (in: hFile=0x2b4, lpBuffer=0x39c4408*, nNumberOfBytesToWrite=0x94b6, lpNumberOfBytesWritten=0x19fbbc, lpOverlapped=0x0 | out: lpBuffer=0x39c4408*, lpNumberOfBytesWritten=0x19fbbc*=0x94b6, lpOverlapped=0x0) returned 1 [0297.007] free (_Block=0x31d7c00) [0297.007] free (_Block=0x1d1338) [0297.007] CloseHandle (hObject=0x2b4) returned 1 [0297.008] CloseHandle (hObject=0x404) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.008] SetLastError (dwErrCode=0x0) [0297.008] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", nBufferLength=0x104, lpBuffer=0x19f9fc, lpFilePart=0x19f9f8 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", lpFilePart=0x19f9f8*="8exrR_cOy PxL.swf") returned 0x34 [0297.008] GetLastError () returned 0x0 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.008] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.008] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv")) returned 0x10 [0297.008] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\8exrr_coy pxl.swf")) returned 1 [0297.010] GetLocalTime (in: lpSystemTime=0x19fc90 | out: lpSystemTime=0x19fc90*(wYear=0x7e4, wMonth=0x4, wDayOfWeek=0x3, wDay=0x1, wHour=0x13, wMinute=0x2b, wSecond=0xc, wMilliseconds=0x3c8)) [0297.010] GetEnvironmentVariableW (in: lpName="TEMP", lpBuffer=0x19f48c, nSize=0x400 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0297.011] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\pb3" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\pb3"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0297.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebd4*=0) returned 0x0 [0297.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0297.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x8a [0297.011] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19ebcc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ebcc*=0) returned 0x0 [0297.011] ReadFile (in: hFile=0x404, lpBuffer=0x19ec2f, nNumberOfBytesToRead=0x8a, lpNumberOfBytesRead=0x19ebf8, lpOverlapped=0x0 | out: lpBuffer=0x19ec2f*, lpNumberOfBytesRead=0x19ebf8*=0x8a, lpOverlapped=0x0) returned 1 [0297.011] CloseHandle (hObject=0x404) returned 1 [0297.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8exrR_cOy PxL.swf]omgp:[K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0297.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8exrR_cOy PxL.swf]omgp:[K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^]", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0297.011] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="omgf:[8exrR_cOy PxL.swf]omgp:[K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^]", cchWideChar=67, lpMultiByteStr=0x2541d28, cbMultiByte=67, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omgf:[8exrR_cOy PxL.swf]omgp:[K%iGX&^&!58P$`O3,n-D`(Mp_rt-s#Z\"O>W^]", lpUsedDefaultChar=0x0) returned 67 [0297.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 172 [0297.112] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x0, lpMultiByteStr=0x24346c8, cbMultiByte=172, lpWideCharStr=0x248e2bc, cchWideChar=172 | out: lpWideCharStr="NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU=") returned 172 [0297.112] GetCurrentThreadId () returned 0x1130 [0297.112] GetCurrentThreadId () returned 0x1130 [0297.112] GetCurrentThreadId () returned 0x1130 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0297.112] SetLastError (dwErrCode=0x0) [0297.112] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", nBufferLength=0x104, lpBuffer=0x19f9f0, lpFilePart=0x19f9ec | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", lpFilePart=0x19f9ec*="Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320") returned 0x6f [0297.112] GetLastError () returned 0x0 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0297.112] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0297.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=8) returned 1 [0297.113] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320", cchCount2=4) returned 1 [0297.113] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv")) returned 0x10 [0297.113] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].wannacash ncov v310320")) returned 0x20 [0297.113] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].WANNACASH NCOV v310320" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\Файл зашифрован. Пиши. Почта clubnika@elude.in [1248].wannacash ncov v310320"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0297.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbec*=0) returned 0x0 [0297.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0297.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x94b6 [0297.113] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fbd4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19fbd4*=0) returned 0x0 [0297.113] ReadFile (in: hFile=0x404, lpBuffer=0x24f8938, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x19fbc0, lpOverlapped=0x0 | out: lpBuffer=0x24f8938*, lpNumberOfBytesRead=0x19fbc0*=0x4, lpOverlapped=0x0) returned 1 [0297.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.113] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0297.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.113] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.114] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246d078, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0297.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0297.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246cf98, cbMultiByte=197, lpWideCharStr=0x245607c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3") returned 197 [0297.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 197 [0297.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x8, lpMultiByteStr=0x246d078, cbMultiByte=197, lpWideCharStr=0x245621c, cchWideChar=197 | out: lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3") returned 197 [0297.114] SetFilePointer (in: hFile=0x404, lDistanceToMove=0, lpDistanceToMoveHigh=0x19fc1c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x19fc1c*=0) returned 0x94b6 [0297.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 197 [0297.114] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", cchWideChar=197, lpMultiByteStr=0x246ceb8, cbMultiByte=197, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="4/8/2020 RSA1024:NFNOcL8RWH6hfFxw+hVxR/Kv7IAwjAaqjRaUIi78i2520MfrgN/vBLleakS/G7SRlE8scPgmSq+ZTG6wsZOvGUrJ3/4n781zNcNjXI3QKE7NzC2rYr+xdnbRmeSnf+wg05AoFXtF6O2/BAgWMBGAM6W+oK4siRhDFhq3x1vsZEU= key:pb3", lpUsedDefaultChar=0x0) returned 197 [0297.114] WriteFile (in: hFile=0x404, lpBuffer=0x246ceb8*, nNumberOfBytesToWrite=0xc5, lpNumberOfBytesWritten=0x19fc04, lpOverlapped=0x0 | out: lpBuffer=0x246ceb8*, lpNumberOfBytesWritten=0x19fc04*=0xc5, lpOverlapped=0x0) returned 1 [0297.114] CloseHandle (hObject=0x404) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.114] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.114] SetLastError (dwErrCode=0x0) [0297.114] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", nBufferLength=0x104, lpBuffer=0x19fa38, lpFilePart=0x19fa34 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", lpFilePart=0x19fa34*="8exrR_cOy PxL.swf") returned 0x34 [0297.114] GetLastError () returned 0x0 [0297.115] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.115] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.115] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\UNC\\", cchCount1=8, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=8) returned 1 [0297.115] CompareStringW (Locale=0x409, dwCmpFlags=0x0, lpString1="\\\\?\\", cchCount1=4, lpString2="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf", cchCount2=4) returned 1 [0297.115] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv")) returned 0x10 [0297.115] DeleteFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\8exrr_coy pxl.swf")) returned 0 [0297.115] GetLastError () returned 0x2 [0297.115] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\8exrR_cOy PxL.swf" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\8exrr_coy pxl.swf")) returned 0xffffffff [0297.115] SetLastError (dwErrCode=0x2) [0297.115] GetLastError () returned 0x2 [0297.115] FormatMessageW (in: dwFlags=0x3300, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x19fc90, nSize=0x0, Arguments=0x0 | out: lpBuffer="︠\x92ﲰ\x19充Oﲸ\x19兯Oﲰ\x19H") returned 0x2c [0297.115] LocalFree (hMem=0x92fe20) returned 0x0 [0297.115] RaiseException (dwExceptionCode=0xeedfade, dwExceptionFlags=0x1, nNumberOfArguments=0x7, lpArguments=0x19fc80) [0297.116] RtlUnwind (TargetFrame=0x19fcb8, TargetIp=0x4099d0, ExceptionRecord=0x19f0a0, ReturnValue=0x0) [0297.116] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oQXMeu6DMv\\ej5tQxxAJw0z8GQzwvsO.doc" (normalized: "c:\\users\\fd1hvy\\desktop\\oqxmeu6dmv\\ej5tqxxajw0z8gqzwvso.doc")) returned 0x20 [0297.116] QueryPerformanceCounter (in: lpPerformanceCount=0x19fc90 | out: lpPerformanceCount=0x19fc90*=39202206668) returned 1 [0297.116] GetCurrentThreadId () returned 0x1130 [0297.116] GetCurrentThreadId () returned 0x1130 [0297.116] GetCurrentThreadId () returned 0x1130 [0297.116] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="Be#t2№)W8_W-l%-jLl!tFJlsoM$G\\Dc.№DF\"